A company implements a 'Zero Trust' architecture. Which of the following principles is central to this approach?

Answer options:

Trust but verify

Perimeter-based security is sufficient

Never trust, always verify, regardless of network location

Internal traffic does not need encryption

How to approach this question

Zero Trust = No implicit trust. Being 'inside' the firewall means nothing.

Full Answer

C.Never trust, always verify, regardless of network location✓ Correct

Never trust, always verify, regardless of network location

Zero Trust requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.

Common mistakes

Confusing with 'Trust but verify'.

Question 17 All questions Question 19

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →