Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Cloud Security Alliance CCZT Certificate of Competence in Zero Trust (CCZT) Exam Practice Test

Page: 1 / 6
Total 60 questions

Certificate of Competence in Zero Trust (CCZT) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Question 1

Which approach to ZTA strongly emphasizes proper governance of

access privileges and entitlements for specific assets?

Options:

A.

ZTA using device application sandboxing

B.

ZTA using enhanced identity governance

C.

ZTA using micro-segmentation

D.

ZTA using network infrastructure and SDPs

Question 2

Which ZT tenet is based on the notion that malicious actors reside

inside and outside the network?

Options:

A.

Assume breach

B.

Assume a hostile environment

C.

Scrutinize explicitly

D.

Requiring continuous monitoring

Question 3

According to NIST, what are the key mechanisms for defining,

managing, and enforcing policies in a ZTA?

Options:

A.

Policy decision point (PDP), policy enforcement point (PEP), and

policy information point (PIP)

B.

Data access policy, public key infrastructure (PKI), and identity and

access management (IAM)

C.

Control plane, data plane, and application plane

D.

Policy engine (PE), policy administrator (PA), and policy broker (PB)

Question 4

To respond quickly to changes while implementing ZT Strategy, an

organization requires a mindset and culture of

Options:

A.

learning and growth.

B.

continuous risk evaluation and policy adjustment.

C.

continuous process improvement.

D.

project governance.

Question 5

Of the following, which option is a prerequisite action to understand the organization's protect surface clearly?

Options:

A.

Data and asset classification

B.

Threat intelligence capability and monitoring

C.

Gap analysis of the organization's threat landscape

D.

To have the latest risk register for controls implementation

Question 6

To ensure an acceptable user experience when implementing SDP, a

security architect should collaborate with IT to do what?

Options:

A.

Plan to release SDP as part of a single major change or a "big-bang"

implementation.

B.

Model and plan the user experience, client software distribution,

and device onboarding processes.

C.

Build the business case for SDP, based on cost modeling and

business value.

D.

Advise IT stakeholders that the security team will fully manage all

aspects of the SDP rollout.

Question 7

Scenario: A multinational org uses ZTA to enhance security. They

collaborate with third-party service providers for remote access to

specific resources. How can ZTA policies authenticate third-party

users and devices for accessing resources?

Options:

A.

ZTA policies can implement robust encryption and secure access

controls to prevent access to services from stolen devices, ensuring

that only legitimate users can access mobile services.

B.

ZTA policies should prioritize securing remote users through

technologies like virtual desktop infrastructure (VDI) and corporate

cloud workstation resources to reduce the risk of lateral movement via

compromised access controls.

C.

ZTA policies can be configured to authenticate third-party users

and their devices, determining the necessary access privileges for

resources while concealing all other assets to minimize the attack

surface.

D.

ZTA policies should primarily educate users about secure practices

and promote strong authentication for services accessed via mobile

devices to prevent data compromise.

Question 8

ZT project implementation requires prioritization as part of the

overall ZT project planning activities. One area to consider is______

Select the best answer.

Options:

A.

prioritization based on risks

B.

prioritization based on budget

C.

prioritization based on management support

D.

prioritization based on milestones

Question 9

To validate the implementation of ZT and ZTA, rigorous testing is essential. This ensures that access controls are functioning correctly and effectively safeguarded against potential threats,

while the intended service levels are delivered. Testing of ZT is therefore

Options:

A.

creating an agile culture for rapid deployment of ZT

B.

integrated in the overall cybersecurity program

C.

providing evidence of continuous improvement

D.

allowing direct user feedback

Question 10

What is the function of the rule-based security policies configured

on the policy decision point (PDP)?

Options:

A.

Define rules that specify how information can flow

B.

Define rules that specify multi-factor authentication (MFA)

requirements

C.

Define rules that map roles to users

D.

Define rules that control the entitlements to assets

Question 11

Which security tools or capabilities can be utilized to automate the

response to security events and incidents?

Options:

A.

Single packet authorization (SPA)

B.

Security orchestration, automation, and response (SOAR)

C.

Multi-factor authentication (MFA)

D.

Security information and event management (SIEM)

Question 12

SDP features, like multi-factor authentication (MFA), mutual

transport layer security (mTLS), and device fingerprinting, protect

against

Options:

A.

phishing

B.

certificate forgery

C.

domain name system (DNS) poisoning

D.

code injections

Question 13

Scenario: An organization is conducting a gap analysis as a part of

its ZT planning. During which of the following steps will risk

appetite be defined?

Options:

A.

Create a roadmap

B.

Determine the target state

C.

Determine the current state

D.

Define requirements

Question 14

Which of the following is a common activity in the scope, priority,

and business case steps of ZT planning?

Options:

A.

Determine the organization's current state

B.

Prioritize protect surfaces

O C. Develop a target architecture

C.

Identify business and service owners

Question 15

To ensure a successful ZT effort, it is important to

Options:

A.

engage finance regularly so they understand the effort and do not

cancel the project

B.

keep the effort focused within IT to avoid any distractions

C.

engage stakeholders across the organization and at all levels,

including functional areas

D.

minimize communication with the business units to avoid "scope

creep"

Question 16

ZTA reduces management overhead by applying a consistent

access model throughout the environment for all assets. What can

be said about ZTA models in terms of access decisions?

Options:

A.

The traffic of the access workflow must contain all the parameters

for the policy decision points.

B.

The traffic of the access workflow must contain all the parameters

for the policy enforcement points.

C.

Each access request is handled just-in-time by the policy decision

points.

D.

Access revocation data will be passed from the policy decision

points to the policy enforcement points.

Question 17

Which of the following is a required concept of single packet

authorizations (SPAs)?

Options:

A.

An SPA packet must be digitally signed and authenticated.

B.

An SPA packet must self-contain all necessary information.

C.

An SPA header is encrypted and thus trustworthy.

D.

Upon receiving an SPA, a server must respond to establish secure

connectivity.

Question 18

For ZTA, what should be used to validate the identity of an entity?

Options:

A.

Password management system

B.

Multifactor authentication

C.

Single sign-on

D.

Bio-metric authentication

Page: 1 / 6
Total 60 questions