A security engineer is redesigning the company's remote access strategy after several internal breaches were traced to compromised credentials. The solution must verify each user or device every time they request access to any resource, apply least-privilege policies based on identity and contextual factors such as device health, and eliminate implicit trust associated with being on the corporate network. Which security model best meets these requirements?
The Zero Trust Model continuously verifies users and devices before granting access, thereby reducing the attack surface by eliminating implicit trust. It enforces strict access policies based on identity, context, and risk assessment. Role-Based Access Control assigns permissions based on predefined roles without necessarily verifying each access request or removing implicit trust. Discretionary Access Control lets resource owners grant access at their discretion, which may not enforce continuous identity verification. Mandatory Access Control determines access by predefined classifications and clearances, not adaptively by identity and context.