CCZT Online Practice Questions and Answers

Correct Answer: A

The third step in the SDP onboarding process is to onboard and authenticate the initiating hosts, which are the clients that request access to the protected resources. The initiating hosts connect to and authenticate with the SDP gateway,

which acts as an accepting host and a proxy for the protected resources. The SDP gateway verifies the identity and posture of the initiating hosts and grants them access to the resources based on the policies defined by the SDP controller.

References:

Certificate of Competence in Zero Trust (CCZT) prepkit, page 21, section 3.1.2 6 SDP Deployment Models to Achieve Zero Trust | CSA, section "Deployment Models Explained"

Software-Defined Perimeter (SDP) and Zero Trust | CSA, page 7, section 3.1

Correct Answer: A

Policy is the element of ZT that focuses on the governance rules that define the "who, what, when, how, and why" aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and

controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of "never trust,

always verify" and "scrutinize explicitly" by enforcing granular, dynamic, and data-driven rules for each access request.

References:

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2 What Is Zero Trust Architecture (ZTA)? - F5, section "Policy Engine" Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9 [Zero

Trust Frameworks Architecture Guide - Cisco], page 4, section "Policy Decision Point"

Correct Answer: A

ZT project implementation requires prioritization as part of the overall ZT project planning activities. One area to consider is prioritization based on risks, which means that the organization should identify and assess the potential threats,

vulnerabilities, and impacts that could affect its assets, operations, and reputation, and prioritize the ZT initiatives that address the most critical and urgent risks. Prioritization based on risks helps to align the ZT project with the business

objectives and needs, and optimize the use of resources and time.

References:

Zero Trust Planning - Cloud Security Alliance, section "Scope, Priority, and Business Case"

The Zero Trust Journey: 4 Phases of Implementation - SEI Blog, section "Second Phase: Assess"

Planning for a Zero Trust Architecture: A Planning Guide for Federal ..., section "Gap Analysis"

Correct Answer: B

The essential components of an organization's ongoing risk analysis are assessment frequency, metrics, and data. Assessment frequency refers to how often the organizationconducts risk assessments to monitor and measure the

effectiveness of the zero trust architecture and policies. Metrics refer to the quantitative and qualitative indicators that are used to evaluate the security posture, performance, and compliance of the zero trust architecture. Data refers to the

information that is collected, analyzed, and reported from various sources, such as telemetry, logs, audits, and feedback, to support risk analysis and decision making.

References:

Zero Trust Planning - Cloud Security Alliance, section "Monitor and Measure" How to improve risk management using Zero Trust architecture | Microsoft Security Blog, section "Monitoring and reporting" Zero Trust Adoption: Managing Risk with

Cybersecurity Engineering and Adaptive Risk Assessment - SEI Blog, section "Continuous Monitoring and Improvement"

Correct Answer: A

A common activity in the scope, priority, and business case steps of ZT planning is to determine the organization's current state. This involves assessing the existing security posture, architecture, policies, processes, and capabilities of the

organization, as well as identifying the key stakeholders, business drivers, and goals for the ZT initiative. Determining the current state helps to establish a baseline, identify gaps and risks, and define the scope and priority of the ZT

transformation.

References:

Zero Trust Planning - Cloud Security Alliance, section "Scope, Priority, and Business Case"

The Zero Trust Journey: 4 Phases of Implementation - SEI Blog, section "First Phase: Prepare"

Correct Answer: C

Testing of ZT is providing evidence of continuous improvement because it helps to measure the effectiveness and efficiency of the ZT and ZTA implementation. Testing of ZT also helps to identify and address any gaps, issues, or risks that may arise during the ZT and ZTA lifecycle. Testing of ZT enables the organization to monitor and evaluate the ZT and ZTA performance and maturity, and to apply feedback and lessons learned to improve the ZT and ZTA processes and outcomes. References: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 8: Testing and Validation

Correct Answer: C

Log collection is an essential component of ZTA, as it provides the data needed to monitor, audit, and improve the security posture of the network. By collecting logs from different sources, such as devices, applications, firewalls, gateways,

and policies, ZTA can support various functions, such as:

Change management: Logs can help track and document any changes made to the network configuration, policies, or resources, and assess their impact on the security and performance of the network. Logs can also help identify and revert

any unauthorized or erroneous changes that may compromise the network integrity1.

Incident management: Logs can help detect and respond to any security incidents, such as breaches, attacks, or anomalies, that may occur in the network. Logs can provide the evidence and context needed to investigate the root cause,

scope, and impact of the incident, and to take appropriate remediation actions2. Visibility and analytics: Logs can help provide a comprehensive and granular view of the network activity, performance, and behavior. Logs can be used to

generate dashboards, reports, and alerts that can help measure and improve the network security and efficiency. Logs can also be used to apply advanced analytics techniques, such as machine learning, to identify patterns, trends, and

insights that can help optimize the network operations and security3.

References:

Zero Trust Architecture: Data Sources

Zero Trust Architecture: Incident Response

Zero Trust Architecture: Visibility and Analytics

Correct Answer: C

Device validation helps establish a trusted connection based on certificate-based keys in a ZT deployment. Device validation is the process of verifying the identity and posture of the devices that request access to the protected resources.

Device validation relies on the use of certificates, which are digital credentials that bind the device identity to a public key. Certificates are issued by a trusted authority and can be used to authenticate the device and encrypt the

communication. Device validation helps to ensure that only healthy and compliant devices can access the resources, and that the connection is secure and confidential.

References:

Certificate of Competence in Zero Trust (CCZT) prepkit, page 15, section 2.2.3 Zero Trust and Windows device health - Windows Security, section "Device health attestation on Windows"

Devices and zero trust | Google Cloud Blog, section "In a zero trust environment, every device has to earn trust in order to be granted access."

Correct Answer: A

According to NIST, the key mechanisms for defining, managing, and enforcing policies in a ZTA are the policy decision point (PDP), the policy enforcement point (PEP), and the policy information point (PIP). The PDP is the component that

evaluates the policies and the contextual data collected from various sources and generates an access decision. The PEP isthe component that enforces the access decision on the resource. The PIP is the component that provides the

contextual data to the PDP, such as the user identity, the device posture, the network location, the resource attributes, and the environmental factors.

References:

Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9 What Is Zero Trust Architecture (ZTA)? - F5, section "Policy Engine" Zero Trust Frameworks Architecture Guide - Cisco, page 4, section "Policy Decision

Point"

Correct Answer: D

One of the key purposes of leveraging visibility and analytics capabilities in a ZTA is to continually evaluate user behavior against a baseline to identify unusual actions. This helps to detect and respond to potential threats, anomalies, and

deviations from the normal patterns of user activity. Visibility and analytics capabilities also enable the collection and analysis of telemetry data across all the core pillars of ZTA, such as user, device, network, application, and data, and provide

insights for policy enforcement and improvement.

References:

Certificate of Competence in Zero Trust (CCZT) prepkit, page 15, section 2.2.3 Zero Trust for Government Networks: 4 Steps You Need to Know, section "Continuously verify trust with visibility and analytics" The role of visibility and analytics in

zero trust architectures, section "The basic NIST tenets of this approach include"

What is Zero Trust Architecture (ZTA)? | NextLabs, section "With real-time access control, users are reliably verified and authenticated before each session"