CSA CCZT Exam Practice Test Instant Access

Question 1

What should be a key component of any ZT project, especially

during implementation and adjustments?

AExtensive task monitoring

BFrequent technology changes

CProper risk management

DFrequent policy audits
Proper risk management should be a key component of any ZT project, especially during implementation and adjustments, because it helps to identify, analyze, evaluate, and treat the potential risks that may affect the ZT and ZTA objectives and outcomes. Proper risk management also helps to prioritize the ZT and ZTA activities and resources based on the risk level and impact, and to monitor and review the risk mitigation strategies and actions.
Reference=Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance,Zero Trust Training (ZTT) - Module 9: Risk Management

Answer : C

Question 2

During the monitoring and analytics phase of ZT transaction flows,

organizations should collect statistics and profile the behavior of

transactions. What does this support in the ZTA?

ACreating firewall policies to protect data in motion

BA continuous assessment of all transactions

CFeeding transaction logs into a log monitoring engine

DThe monitoring of relevant data in critical areas
During the monitoring and analytics phase of ZT transaction flows, organizations should collect statistics and profile the behavior of transactions to support a continuous assessment of all transactions. A continuous assessment of all transactions means that the organization constantly evaluates the security posture, performance, and compliance of each transaction, and detects and responds to any anomalies, deviations, or threats. A continuous assessment of all transactions helps to maintain a high level of protection and resilience in the ZTA, and enables the organization to adjust and improve the policies and controls accordingly.
Reference=
Zero Trust Planning - Cloud Security Alliance, section ''Monitor & Measure''
The role of visibility and analytics in zero trust architectures, section ''The basic NIST tenets of this approach include''
Move to the Zero Trust Security Model - Trailhead, section ''Monitor and Maintain Your Environment''

Answer : B

Question 3

Which approach to ZTA strongly emphasizes proper governance of

access privileges and entitlements for specific assets?

AZTA using device application sandboxing

BZTA using enhanced identity governance

CZTA using micro-segmentation

DZTA using network infrastructure and SDPs
ZTA using enhanced identity governance is an approach to ZTA that strongly emphasizes proper governance of access privileges and entitlements for specific assets. This approach focuses on managing the identity lifecycle, enforcing granular and dynamic policies, and auditing and monitoring access activities. ZTA using enhanced identity governance helps to ensure that only authorized and verified entities can access the protected assets based on the principle of least privilege and the context of the request.
Reference=Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance,Zero Trust Training (ZTT) - Module 5: Enhanced Identity Governance

Answer : B

Question 4

What does device validation help establish in a ZT deployment?

AConnection based on user

BHigh-speed network connectivity

CTrusted connection based on certificate-based keys

DUnrestricted public access
Device validation helps establish a trusted connection based on certificate-based keys in a ZT deployment. Device validation is the process of verifying the identity and posture of the devices that request access to the protected resources. Device validation relies on the use of certificates, which are digital credentials that bind the device identity to a public key. Certificates are issued by a trusted authority and can be used to authenticate the device and encrypt the communication. Device validation helps to ensure that only healthy and compliant devices can access the resources, and that the connection is secure and confidential.
Reference=
Certificate of Competence in Zero Trust (CCZT) prepkit, page 15, section 2.2.3
Zero Trust and Windows device health - Windows Security, section ''Device health attestation on Windows''
Devices and zero trust | Google Cloud Blog, section ''In a zero trust environment, every device has to earn trust in order to be granted access.''

Answer : C

Question 5

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

APolicy

BData sources

CScrutinize explicitly

DNever trust, always verify
Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.
Reference=
Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2
What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''
Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9
[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''

Answer : A

Question 6

Which of the following is a common activity in the scope, priority,

and business case steps of ZT planning?

ADetermine the organization's current state

BPrioritize protect surfaces
O C. Develop a target architecture

DIdentify business and service owners
A common activity in the scope, priority, and business case steps of ZT planning is to determine the organization's current state. This involves assessing the existing security posture, architecture, policies, processes, and capabilities of the organization, as well as identifying the key stakeholders, business drivers, and goals for the ZT initiative. Determining the current state helps to establish a baseline, identify gaps and risks, and define the scope and priority of the ZT transformation.
Reference=
Zero Trust Planning - Cloud Security Alliance, section ''Scope, Priority, & Business Case''
The Zero Trust Journey: 4 Phases of Implementation - SEI Blog, section ''First Phase: Prepare''

Answer : A

Question 7

The following list describes the SDP onboarding process/procedure.

What is the third step? 1. SDP controllers are brought online first. 2.

Accepting hosts are enlisted as SDP gateways that connect to and

authenticate with the SDP controller. 3.

AInitiating hosts are then onboarded and authenticated by the SDP
gateway

BClients on the initiating hosts are then onboarded and
authenticated by the SDP controller

CSDP gateway is brought online

DFinally, SDP controllers are then brought online
The third step in the SDP onboarding process is to onboard and authenticate the initiating hosts, which are the clients that request access to the protected resources. The initiating hosts connect to and authenticate with the SDP gateway, which acts as an accepting host and a proxy for the protected resources. The SDP gateway verifies the identity and posture of the initiating hosts and grants them access to the resources based on the policies defined by the SDP controller.
Reference=
Certificate of Competence in Zero Trust (CCZT) prepkit, page 21, section 3.1.2
6 SDP Deployment Models to Achieve Zero Trust | CSA, section ''Deployment Models Explained''
Software-Defined Perimeter (SDP) and Zero Trust | CSA, page 7, section 3.1

Answer : A

CSA CCZT Certificate of Competence in Zero Trust Exam Practice Test