Zero Trust Architecture Basic Principles - correct answer -✔- Network is always hostile - assume breach
- Internal and external threats are always present
- Internal network != trusted
- Every device, user and network flow must be proven
- log and inspect all traffic
p. 5
DISA zero trust pillars - correct answer -✔- User
- Device
- Network/Environment
- Applications and workload
- Data
- Visibility and Analytics
- Automation and orchestration
p. 10
Zero Trust Mandates - correct answer -✔- All traffic must be secured
- Least privilege must be enforced
- All data flows must be known and controlled
- All assets must be scanned, hardened and rotated
p. 11
Variable Trust - correct answer -✔- Access controlled by variable trust
- similar to real life credit scores
p. 12
Trust over time - correct answer -✔- the longer a machine or user is in prod, the more likely it is compromised or deviates from baseline
- rotation of these kinds of systems is necessary for zero trust architecture
p. 13
Zero Trust Credentials - correct answer -✔- Credentials should be rotated regularly
- this goes against NIST 800-63B best practices
p. 19
NIST 800-63B - correct answer -✔- password rotation is not recommended
- you force a change in password when there is evidence of compromise
- justification is that regular password rotation leads to the likelihood of poor passwords
p. 20
Local Administrator Password Solution (LAPS) - correct answer -✔- free tool from Microsoft