An organization is rolling out a new access control strategy for its cloud environment. The security engineer insists that every access request-regardless of where the user or device is located-must be re-evaluated in real time based on factors such as device health, user behavior, location, and data sensitivity before access is granted or allowed to continue. Which access control model best matches this approach?
The Zero Trust Model never assumes implicit trust. Every request to a resource must be authenticated and authorized using multiple contextual signals, including identity, device posture, location, time, and data classification. This continuous, adaptive process contrasts with Discretionary Access Control and Role-Based Access Control, which rely on predefined, largely static permissions, and with Mandatory Access Control, which enforces access strictly according to security classifications without reassessing context during a session.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the core principles of the Zero Trust Model?
Open an interactive chat with Bash
How does Zero Trust differ from traditional access control models like RBAC or DAC?
Open an interactive chat with Bash
What technologies or practices help implement the Zero Trust Model in organizations?