How can ZTA planning improve the developer experience?
Correct Answer:
A
ZTA planning can improve the developer experience by streamlining access provisioning to deployment environments. This means that developers can access the resources and services they need to deploy their applications in a fast and secure manner, without having to go through complex and manual processes. ZTA planning can also help to automate and orchestrate the access provisioning using dynamic and granular policies based on the context and attributes of the developers, devices, and applications.
References = Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 10: ZTA Planning and Implementation
What steps should organizations take to strengthen access requirements and protect their resources from unauthorized access by potential cyber threats?
Correct Answer:
A
The first step that organizations should take to strengthen access requirements and protect their resources from unauthorized access by potential cyber threats is to understand and identify the data and assets that need to be protected. This step involves conducting a data and asset inventory and classification, which helps to determine the value, sensitivity, ownership, and location of the data and assets. By understanding and identifying the data and assets that need to be protected, organizations can define the appropriate access policies and controls based on the Zero Trust principles of never trust, always verify, and assume breach.
References = Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 2: Data and Asset Classification
In a ZTA, automation and orchestration can increase security by using the following means:
Correct Answer:
D
In a ZTA, automation and orchestration can increase security by using the following means:
✑ Infrastructure as code (IaC): IaC is a practice of managing and provisioning IT infrastructure through code, rather than manual processes or configuration tools [1]. IaC can increase security by enabling consistent, repeatable, and scalable deployment of ZTA components, such as policies, gateways, firewalls, and micro-segments [2]. IaC can also facilitate compliance, auditability, and change management, as well as reduce human errors and configuration drift [3].
✑ Identity lifecycle management: Identity lifecycle management is a process of managing the creation, modification, and deletion of user identities and their access rights throughout their lifecycle [4]. Identity lifecycle management can increase security by ensuring that users have the appropriate level of access to resources at any given time, based on the principle of least privilege [5]. Identity lifecycle management can also automate the provisioning and deprovisioning of user accounts, enforce strong authentication and authorization policies, and monitor and audit user activity and behavior [6].
References =
✑ [1] What is Infrastructure as Code? | Cloudflare
✑ [2] Zero Trust Architecture: Infrastructure as Code
✑ [3] Infrastructure as Code: Security Best Practices
✑ [4] What is Identity Lifecycle Management? | One Identity
✑ [5] Zero Trust Architecture: Identity and Access Management
✑ [6] Identity Lifecycle Management: A Zero Trust Security Strategy
Which security tools or capabilities can be utilized to automate the response to security events and incidents?
Correct Answer:
B
SOAR (Security Orchestration, Automation and Response) is a collection of software programs developed to bolster an organization's cybersecurity posture. SOAR tools can automate the response to security events and incidents by executing predefined workflows or playbooks, which can include tasks such as alert triage, threat detection, containment, mitigation, and remediation. SOAR tools can also orchestrate the integration of various security tools and data sources, and provide centralized dashboards and reporting for security operations.
References =
✑ Certificate of Competence in Zero Trust (CCZT) prepkit, page 23, section 3.2.2
✑ Security Orchestration, Automation and Response (SOAR) - Gartner
✑ Security Automation: Tools, Process and Best Practices - Cynet, section "What are the different types of security automation tools?"
✑ Introduction to automation in Microsoft Sentinel
In a ZTA, what is a key difference between a policy decision point (PDP) and a policy enforcement point (PEP)?
Correct Answer:
A
In a ZTA, a policy decision point (PDP) is a logical component that evaluates the incoming signals from an entity requesting access to a resource against a set of access determination criteria, such as identity, context, device, location, and behavior [1]. A PDP then makes a decision to grant or deny access, or to request additional information or verification, based on the policies defined by the policy administrator [1]. A policy enforcement point (PEP) is a logical component that uses the incoming signals from the PDP to open or close a connection between the entity and the resource [1]. A PEP acts as a gateway or intermediary that enforces the decision made by the PDP and prevents unauthorized or risky access [2].
References =
✑ [1] Zero Trust Architecture | NIST
✑ [2] Policy Enforcement Point (PEP) - Pomerium