Free CompTIA Security+ SY0-701 Practice Question

The Zero Trust Model is a security framework that mandates all users and devices, regardless of their location, to be authenticated, authorized, and continuously verified before accessing resources. This approach operates on the principle of 'never trust, always verify,' ensuring that no implicit trust is granted to assets based solely on their network location. The Least Privilege Model limits user access rights to only what is necessary for their job functions but does not require continuous validation. Defense in Depth is a layered security strategy that uses multiple defenses but doesn't inherently require continuous authentication and authorization. Discretionary Access Control allows data owners to set access permissions but doesn't enforce continuous validation of users and devices.