
Cloud Security Alliance CCZT Certificate of Competence in Zero Trust (CCZT) Exam Practice Test

Demo: 18 questions
Total 60 questions

Certificate of Competence in Zero Trust (CCZT) Questions and Answers

Question 1

Scenario: An organization is conducting a gap analysis as a part of its ZT planning. During which of the following steps will risk appetite be defined?

Options:

A. Create a roadmap
B. Determine the target state
C. Determine the current state
D. Define requirements

Question 2

Which approach to ZTA strongly emphasizes proper governance of access privileges and entitlements for specific assets?

Options:

A. ZTA using device application sandboxing
B. ZTA using enhanced identity governance
C. ZTA using micro-segmentation
D. ZTA using network infrastructure and SDPs

Question 3

When planning for ZT implementation, who will determine valid users, roles, and privileges for accessing data as part of data governance?

Options:

A. IT teams
B. Application owners
C. Asset owners
D. Compliance officers

Question 4

In a ZTA, where should policies be created?

Options:

A. Data plane
B. Network
C. Control plane
D. Endpoint

Question 5

Which vital ZTA component enhances network security and simplifies management by creating boundaries between resources in the same network zone?

Options:

A. Micro-segmentation
B. Session establishment or termination
C. Decision transmission
D. Authentication request/validation request (AR/VR)

Question 6

For ZTA, what should be used to validate the identity of an entity?

Options:

A. Password management system
B. Multifactor authentication
C. Single sign-on
D. Biometric authentication

Question 7

According to NIST, what are the key mechanisms for defining, managing, and enforcing policies in a ZTA?

Options:

A. Policy decision point (PDP), policy enforcement point (PEP), and policy information point (PIP)
B. Data access policy, public key infrastructure (PKI), and identity and access management (IAM)
C. Control plane, data plane, and application plane
D. Policy engine (PE), policy administrator (PA), and policy broker (PB)

Question 8

In SaaS and PaaS, which access control method will ZT help define for access to the features within a service?

Options:

A. Data-based access control (DBAC)
B. Attribute-based access control (ABAC)
C. Role-based access control (RBAC)
D. Privilege-based access control (PBAC)

Question 9

Which of the following is a required concept of single packet authorizations (SPAs)?

Options:

A. An SPA packet must be digitally signed and authenticated.
B. An SPA packet must self-contain all necessary information.
C. An SPA header is encrypted and thus trustworthy.
D. Upon receiving an SPA, a server must respond to establish secure connectivity.

Question 10

SDP incorporates single-packet authorization (SPA). After successful authentication and authorization, what does the client usually do next? Select the best answer.

Options:

A. Generates an SPA packet and sends it to the initiating host.
B. Generates an SPA packet and sends it to the controller.
C. Generates an SPA packet and sends it to the accepting host.
D. Generates an SPA packet and sends it to the gateway.

Question 11

What does device validation help establish in a ZT deployment?

Options:

A. Connection based on user
B. High-speed network connectivity
C. Trusted connection based on certificate-based keys
D. Unrestricted public access

Question 12

To ensure an acceptable user experience when implementing SDP, a security architect should collaborate with IT to do what?

Options:

A. Plan to release SDP as part of a single major change or a "big-bang" implementation.
B. Model and plan the user experience, client software distribution, and device onboarding processes.
C. Build the business case for SDP, based on cost modeling and business value.
D. Advise IT stakeholders that the security team will fully manage all aspects of the SDP rollout.

Question 13

Which architectural consideration needs to be taken into account while deploying SDP? Select the best answer.

Options:

A. How SDP deployment fits into existing network topologies and technologies.
B. How SDP deployment fits into external vendor assessment.
C. How SDP deployment fits into existing human resource management systems.
D. How SDP deployment fits into application validation.

Question 14

What should an organization's data and asset classification be based on?

Options:

A. Location of data
B. History of data
C. Sensitivity of data
D. Recovery of data

Question 15

The following list describes the SDP onboarding process/procedure. What is the third step?

1. SDP controllers are brought online first.
2. Accepting hosts are enlisted as SDP gateways that connect to and authenticate with the SDP controller.
3. ?

Options:

A. Initiating hosts are then onboarded and authenticated by the SDP gateway
B. Clients on the initiating hosts are then onboarded and authenticated by the SDP controller
C. SDP gateway is brought online
D. Finally, SDP controllers are then brought online

Question 16

What steps should organizations take to strengthen access requirements and protect their resources from unauthorized access by potential cyber threats?

Options:

A. Understand and identify the data and assets that need to be protected
B. Identify the relevant architecture capabilities and components that could impact ZT
C. Implement user-based certificates for authentication
D. Update controls for assets impacted by ZT

Question 17

In a ZTA, the logical combination of both the policy engine (PE) and policy administrator (PA) is called

Options:

A. policy decision point (PDP)
B. role-based access
C. policy enforcement point (PEP)
D. data access policy

Question 18

How can device impersonation attacks be effectively prevented in a ZTA?

Options:

A. Strict access control
B. Micro-segmentation
C. Organizational asset management
D. Single packet authorization (SPA)
