A financial services company is redesigning its network security architecture to adopt a Zero Trust model, with the primary goal of mitigating the risk of lateral movement. Which of the following changes BEST represents the implementation of a core Zero Trust principle?
Requiring every access request to any internal application to be authenticated and authorized based on user identity and device health, regardless of the user's network location.
Implementing mandatory annual security awareness training for all employees to reduce the risk of phishing attacks.
Deploying a next-generation firewall at the network perimeter with advanced threat intelligence to inspect all ingress and egress traffic.
Encrypting all data at rest within the company's data center to protect it from physical theft of hardware.
The core principle of a Zero Trust architecture is "never trust, always verify," which means that no user or device is trusted by default, regardless of its location on the network. The best implementation of this principle is to require that every access request be individually authenticated and authorized based on a dynamic assessment of user identity, device health, and other contextual factors. This approach, often enforced through micro-segmentation and granular access policies, directly addresses the goal of preventing lateral movement. Strengthening the perimeter firewall is a feature of traditional security models, which Zero Trust aims to move beyond. Security awareness training and encrypting data at rest are essential security controls, but they do not represent the fundamental architectural shift of Zero Trust, which is focused on dynamically verifying access in transit.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'never trust, always verify' mean in Zero Trust architecture?
Open an interactive chat with Bash
What are micro-segmentation strategies in the context of Zero Trust?
Open an interactive chat with Bash
Why is continuous verification important in a Zero Trust model?
Open an interactive chat with Bash
ISC2 CISSP
Communication and Network Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access