A company is revising its network security strategy to align with a Zero Trust model. Which of the following principles should be the foundational guideline for the company's revised approach to network security?
The central tenet of Zero Trust is 'never trust, always verify'. Unlike traditional security models that operate on the assumption that everything inside the network perimeter is safe, the Zero Trust model treats all traffic as untrusted, requiring continuous verification of each request, regardless of whether it originates from inside or outside the organization's network. The other options listed, while relevant to security, do not embody the foundational guideline of the Zero Trust model. 'Restricting user privileges' is a part of the principle of least privilege, 'encrypting data at rest' is a data security measure, and 'implementing implicit trust zones' goes against the Zero Trust model which doesn't use implicit trust.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does Zero Trust treat internal traffic as untrusted?
Open an interactive chat with Bash
How is 'least privilege' different from 'never trust, always verify'?
Open an interactive chat with Bash
What technologies or methods help enforce the Zero Trust principle?