312-50V13 Question #427: Real Exam Question with Answer & Explanation

Question

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role. What is the technique employed by Eric to secure cloud resources?

Options

• AServerless computing
• BDemilitarized zone
• CContainer technology
• DZero trust network

Explanation

Zero Trust Network (D) is correct because it operates on the principle of "never trust, always verify" - meaning no user or device is automatically trusted, even if they are inside the network perimeter. Every connection request must be authenticated and authorized before access is granted, and access is limited strictly to resources needed for a specific role (known as least privilege access), which perfectly matches Eric's implementation.

Why the distractors are wrong:

• A. Serverless computing refers to a cloud execution model where the cloud provider manages server infrastructure - it has nothing to do with authentication or access control.
• B. Demilitarized zone (DMZ) is a network segment that separates public-facing services from internal networks; it assumes internal users are trusted, which is the opposite of Zero Trust philosophy.
• C. Container technology is a method of packaging and deploying applications in isolated environments, unrelated to the trust-based access control described.

Memory Tip: Think of Zero Trust as a "guilty until proven innocent" security model - everyone must prove their identity every time, and they only get access to exactly what they need. The phrase "never trust, always verify" is the official Zero Trust motto and a reliable exam trigger phrase.

No community discussion yet for this question.