
CRISC · Question #621

CRISC Question #621: Real Exam Question with Answer & Explanation

The correct answer is B: The organization's threat model. To effectively design a Zero Trust architecture, understanding the specific threats an organization faces is the most critical starting point.

Submitted by eva_at · Apr 18, 2026 · IT Risk Assessment

Question

An organization is implementing Zero Trust architecture to improve its security posture. Which of the following is the MOST important input to develop the architecture?

Options

  • A. Cloud services risk assessments
  • B. The organization's threat model
  • C. Access control logs
  • D. Multi-factor authentication (MFA) architecture

Explanation

To effectively design a Zero Trust architecture, understanding the specific threats an organization faces is the most critical starting point.

Common mistakes.

  • A. Cloud services risk assessments are important but are a component of a broader risk strategy, not the fundamental input for the entire Zero Trust architecture.
  • C. Access control logs are valuable for monitoring and auditing after an architecture is in place, but they don't serve as the primary input for its initial design.
  • D. MFA architecture is a specific control within a Zero Trust framework, not the foundational input for developing the overall architecture.

Concept tested. Zero Trust architecture foundational input

Reference. https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-overview

Topics

#Zero Trust Architecture · #Threat Modeling · #Security Architecture Design · #Risk Assessment Inputs
