A.  

True

B.  

False

A.  

Connecting an initiator to internal and external applications from the Zero Trust Exchange.

B.  

A handshake between the initiator and destination application.

C.  

The setup of an enterprise SSO or AD server for credential validation.

D.  

Verification of identity and context of the connection.

A.  

The initiator will not have access to the service.

B.  

Network access is maintained via TCP keepalive messages.

C.  

Users will continue to be able to access services via the internet.

D.  

A path from initiator to the network must be put in place, for example VPN.

A.  

Controlling content and access.

B.  

Re-checking the SAML assertion.

C.  

Enforcing policy.

D.  

Microsegmentation.

A.  

True

B.  

False

A.  

Automated DevOps pipelines.

B.  

API integrations between the Zero Trust platform and the major cloud providers.

C.  

Multi-factor authentication.

D.  

Premium cloud provider subscriptions.

A.  

True

B.  

False

A.  

Inspection controls only in limited core sites.

B.  

Locations in few high-traffic geographic regions.

C.  

Scalable inspection solutions at 150+ public locations and locally in private locations.

D.  

Expanded its scope to try to provide the proof for Fermat’s Last Theorem.

A.  

True

B.  

False

A.  

A device used to create a secure communication channel with a Web Application Firewall (WAF).

B.  

A cloud-managed endpoint device via an MDM solution.

C.  

An agent installed on the endpoint to tunnel authorized user traffic to the Zero Trust Exchange for protection of SaaS, private applications, and internet-bound traffic.

D.  

A marketplace platform that connects different types of business clients to each other.

A.  

Any person who wants to connect to an enterprise-controlled application, including employees, third parties, and partners.

B.  

Remote employees only.

C.  

Untrusted third parties only.

D.  

Employees connecting from unmanaged endpoint devices only.

A.  

Leverage the lowest-latency path, which typically involves service chaining to send traffic to a specialized branch where a stack of firewalls is hosted on a rack.

B.  

Only view the metadata of a connection, such as who is calling and where they are calling.

C.  

Optimize their throughput.

D.  

Leverage tremendous cost savings, since TLS/SSL connections have a per-packet premium cost associated with processing them.

A.  

Ensuring that a user is correctly authorized at the application.

B.  

Delivering connectivity, regardless of network or location, but only for authorized and compliant requests.

C.  

By connecting an initiator to a cloud network-gateway edge and then routing the user traffic over internal networks.

D.  

Layering in IP-level ACLs, which can require thousands of rules for modern web applications that are constantly adding new source IPs.

A.  

To build structured naming conventions for applications, for example Country:City:Location:Function.

B.  

So that these can be stored in a CMDB (Configuration Management Database) system, which can be used as a policy enforcement plane for application traffic.

C.  

To differentiate destination applications from each other, thus enabling the deployment of granular control from valid initiator to valid destination application.

D.  

To know which ACLs to set on their firewall.

A.  

Permanent quarantining of devices in a particular VLAN.

B.  

Re-categorization of an initiator, and their organization, so that subsequent access requests are limited, deceived, or stopped.

C.  

Logging violations in a public database.

D.  

Deploying best-in-class security appliances.

A.  

Revoke network access to unauthorized users, devices, and workloads.

B.  

Provide a secure set of controls for the initiator, requiring the initiator to go through layers of validation as they attempt to access an application.

C.  

Provide proper billing by counting the number of deployed end users within a customer’s environment.

D.  

Provide disaster recovery and business continuity in a “black swan” event context.

A.  

Open and clear communication channels across Network and Security teams.

B.  

The policy remains the same, conditionally, and is applied equally regardless of the location of the enforcement point.

C.  

Leveraging policy enforcement capabilities available through traditional security appliances.

D.  

Application access happens on-premises, typically either from within the data center or the corporate campus, where large security stacks are deployed.

A.  

Be hashed, truncated, and stored in an obfuscated manner.

B.  

Give visibility of risky activity and allow enterprises to set acceptable thresholds of risk.

C.  

Provide access to the network.

D.  

Reduce processing load by enabling low-risk traffic to bypass less critical inspections.

A.  

Digital transformation journeys

B.  

Blue teaming exercises

C.  

Red teaming exercises

D.  

Disaster recovery planning

A.  

Inspection of SSL/TLS connections.

B.  

Local breakout so that traffic goes directly to SaaS applications from branches.

C.  

Context and Identity.

D.  

Segmenting an OT network so that it is air-gapped from the IT environment.

A.  

An assessment of inline and out-of-band network traffic.

B.  

A review of known configuration, and the absence of other configuration details, of cloud-hosted services in relation to best practices, industry standards, and compliance models to ensure misconfigurations, issues, and vulnerabilities are understood and highlighted.

C.  

An assessment of the content, not just the connection, of services, so that malicious functions are not downloaded and protected information is not lost.

D.  

Only focused on initiator context.

A.  

A true Zero Trust solution must never allow any access without authorization.

B.  

No. It should only apply to unauthorized initiators.

C.  

Unauthorized initiators are blackholed by default.

D.  

Zero Trust allows all initiators to see the destination, regardless of role and responsibility.