ZTCA Practice Questions

A.  

Detecting data theft through malware.

B.  

Preventing non-malicious and/or accidental data leakage.

C.  

Error checking and validation to ensure data integrity.

D.  

Intercepting data poisoning attempts from authorized users.

A.  

Access control delivered via authentication, authorization, and accounting through a protocol such as RADIUS.

B.  

SCIM, leveraging an IdP.

C.  

Placing virtual firewall images in every public cloud you are deployed in.

D.  

The unique and definitive implementation of control, solely for that access request.

A.  

Two-factor authentication.

B.  

Controlling content and access.

C.  

Seeing where the traffic is going, either an IaaS/PaaS destination or a SaaS destination.

D.  

Analyzing various threat actors in the wild.

A.  

Digital transformation journeys

B.  

Blue teaming exercises

C.  

Red teaming exercises

D.  

Disaster recovery planning

A.  

Security breaches were historically less frequent.

B.  

TCP/IP, the foundation of most networks, inherently favors connectivity over trust.

C.  

It was easier to create direct P2P links between all devices, providing connectivity for rapid-downloading applications like BitTorrent and file sharing.

D.  

Layer 3 ACLs are sufficient for blocking untrusted initiators.

A.  

Any person who wants to connect to an enterprise-controlled application, including employees, third parties, and partners.

B.  

Remote employees only.

C.  

Untrusted third parties only.

D.  

Employees connecting from unmanaged endpoint devices only.

A.  

True

B.  

False

A.  

The VPN traffic is exempted from any security policies configured on the direct internet uplink router or appliance.

B.  

You no longer have the visibility required to make decisions on those traffic flows that are going directly out to the internet.

C.  

A split ACL list, which means only half the rules will be enforced.

D.  

An issue between the built-in client VPN agent on most modern operating systems and a third-party VPN gateway upstream.

A.  

Who is connecting.

B.  

Device posture-based determinations of quarantine.

C.  

Integration with third-party threat intelligence feeds.

D.  

ML-based application discovery as part of a microsegmentation implementation.

A.  

Be hashed, truncated, and stored in an obfuscated manner.

B.  

Give visibility of risky activity and allow enterprises to set acceptable thresholds of risk.

C.  

Provide access to the network.

D.  

Reduce processing load by enabling low-risk traffic to bypass less critical inspections.