Medium · 1 mark · Multiple Choice
Area II: Security · Security Architecture · Zero Trust

CPA · Question 19 · Area II: Security

A company implements a 'Zero Trust' architecture. Which of the following principles is central to this approach?

Answer options:

A. Trust but verify.

B. Perimeter-based security is sufficient.

C. Internal traffic is trusted; external traffic is untrusted.

D. Never trust, always verify.

How to approach this question

Identify the core philosophy of Zero Trust.

Full Answer

D. Never trust, always verify. ✓ Correct
Zero Trust assumes that threats exist both inside and outside the network. Therefore, no user or device is trusted by default. Every access request must be authenticated, authorized, and encrypted before granting access.

Common mistakes

Thinking Zero Trust is about strong firewalls (it's about identity and micro-segmentation).
