312-50V13 Question #619: Real Exam Question with Answer & Explanation
The correct answer is A: It operates on the principle of least privilege, verifying each request as if it is from an untrusted.
Question
You are a cloud security expert at CloudGuard Inc. working with a client who plans to transition their infrastructure to a public cloud. The client expresses concern about potential data breaches and wants to ensure that only authorized personnel can access certain sensitive resources. You propose implementing a Zero Trust security model. Which of the following best describes how the Zero Trust model would enhance the security of their cloud resources?
Options
- A. It operates on the principle of least privilege, verifying each request as if it is from an untrusted
- B. It encrypts all data stored in the cloud, ensuring only authorized users can decrypt it.
- C. It uses multi-factor authentication for all user accounts.
- D. It ensures secure data transmission by implementing SSL/TLS protocols.
Explanation
The Zero Trust model enhances cloud security by operating on the principle of "never trust, always verify," meaning every access request is authenticated and authorized based on least privilege, regardless of its origin.
Common mistakes.
- B. While encrypting all data stored in the cloud is a crucial security measure, it is a component of data protection, not the overarching principle of how Zero Trust verifies and authorizes access requests.
- C. Using multi-factor authentication (MFA) is a strong authentication method and a component of a Zero Trust strategy, but it does not fully encompass the entire "never trust, always verify" philosophy that applies to all access, authorization, and least privilege.
- D. Implementing SSL/TLS protocols secures data in transit, which is a necessary security measure but not the defining characteristic or primary enhancement offered by a Zero Trust model's approach to access control.
Concept tested. Zero Trust model principles
Reference. https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-overview