Effective CISSP Questions

Your company decides to implement fine-grained attribute-based access control (ABAC), which requires access to identity repositories. Which of the following is the best way to supply the policy decision point (PDP) with the subject's attributes? (Source: Wentz QOTD)
A. X.500
B. X.509

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Zero Trust as Access Control 2.0

Zero Trust has been around for about ten years. There are numerous posts and definitions if you google it. After digesting the perspectives of Kindervag, CSA, Gartner, and NIST, "Access Control 2.0" is the most effective term I can think of to convey the idea of Zero Trust.

Access Control 2.0

Zero Trust is a cybersecurity paradigm for access control that is data-centric, fine-grained, and dynamic, and that provides visibility.

  • Software-defined perimeter over network perimeter.
  • Data-centric micro-segments over network-based segments.
  • Identity-based context and attribute-based access control for fine-grained control and policy dynamics.
  • Logging and observing for visibility.
  • Compliance with need-to-know, least privilege, and complete mediation.
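A minimal policy decision point, written here as an added example (not code from the original post or from any product), ties the opening question and the list above together: subject attributes are fetched from an identity repository acting as the policy information point, every request is mediated against a deny-overrides policy with a default of deny, and each decision is logged. The directory entries, resource labels and rules are constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Dict, List

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("pdp")

# Constructed identity repository (hypothetical data): the policy information
# point (PIP) the PDP consults for subject attributes, standing in for an
# X.500/LDAP directory lookup.
DIRECTORY: Dict[str, dict] = {
    "alice": {"department": "marketing", "clearance": 2, "mfa": True},
    "bob": {"department": "finance", "clearance": 3, "mfa": False},
}


@dataclass(frozen=True)
class Request:
    subject: str
    action: str
    resource: dict  # resource attributes: owner_dept, label, min_clearance
    env: dict       # context attributes: e.g. device posture


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str  # "permit" or "deny"
    condition: Callable[[dict, str, dict, dict], bool]


def fetch_subject_attrs(subject: str) -> dict:
    """PIP lookup. An unknown subject gets no attributes, so it matches no permit rule."""
    return DIRECTORY.get(subject, {})


# Constructed policy: the deny rules carry the dynamic, context-based checks;
# the permit rule encodes need-to-know (same department) plus clearance.
POLICY: List[Rule] = [
    Rule("deny_without_mfa", "deny",
         lambda s, a, r, e: not s.get("mfa", False)),
    Rule("deny_confidential_on_unmanaged_device", "deny",
         lambda s, a, r, e: r.get("label") == "confidential"
         and not e.get("managed_device", False)),
    Rule("permit_department_read", "permit",
         lambda s, a, r, e: a == "read"
         and s.get("department") == r.get("owner_dept")
         and s.get("clearance", 0) >= r.get("min_clearance", 0)),
]


def decide(req: Request) -> str:
    """Deny-overrides combining with a default of deny.

    Every request passes through every rule (complete mediation): a matching
    deny rule wins regardless of its position, a permit is only provisional
    until all deny rules have been checked, and a rule that raises fails closed.
    """
    subject_attrs = fetch_subject_attrs(req.subject)
    decision = "deny"
    for rule in POLICY:
        try:
            matched = rule.condition(subject_attrs, req.action, req.resource, req.env)
        except Exception as exc:  # malformed attribute value, missing key, ...
            log.error("subject=%s rule=%s error=%s -> deny (fail closed)",
                      req.subject, rule.name, exc)
            return "deny"
        if not matched:
            continue
        if rule.effect == "deny":
            log.info("subject=%s action=%s rule=%s -> deny", req.subject, req.action, rule.name)
            return "deny"
        decision = "permit"
    log.info("subject=%s action=%s -> %s", req.subject, req.action, decision)
    return decision


if __name__ == "__main__":
    doc = {"owner_dept": "marketing", "label": "internal", "min_clearance": 1}
    print(decide(Request("alice", "read", doc, {"managed_device": True})))
    print(decide(Request("alice", "read", {**doc, "label": "confidential"},
                         {"managed_device": False})))
    print(decide(Request("bob", "read", doc, {"managed_device": True})))
```

The point of the ordering is that a permit never short-circuits the loop: the device-posture check still runs after a department match, which is what makes the decision dynamic rather than a one-time role lookup.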

Introduction to the Zero Trust Architecture


Mutual authentication or bidirectional authentication refers to two parties involved in a transaction verifying each other. Which of the following is least likely to employ mutual authentication?
A. A client and server exchange their certificates issued by a trusted certificate authority
B. A web server sends its certificate to the user, who then signs in using his password
C. An 802.1X supplicant sends a user’s credential to the authenticator using EAP-MD5
D. An administrator connects to a remote server through the SSH default authentication
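To make the definition concrete, the following added example (not code from the original post) runs a mutual challenge-response exchange over a shared key: each side issues a fresh nonce and only trusts the peer after verifying a proof bound to that nonce, and the client never proves itself to a server that failed to prove itself first. The key, the party names and the message flow are constructed for illustration; a real deployment would use per-party keys or certificates.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the illustration; never a source literal in practice.
SHARED_KEY = b"example-pre-shared-key-for-illustration"


def mac(key: bytes, prover: bytes, verifier: bytes, nonce: bytes) -> bytes:
    """Proof of key possession bound to the direction (who proves to whom) and the
    verifier's nonce; binding both identities defeats reflection attacks."""
    return hmac.new(key, b"|".join((prover, verifier, nonce)), hashlib.sha256).digest()


class Party:
    def __init__(self, name: str, key: bytes):
        self.name = name.encode()
        self.key = key
        self.nonce = None
        self.peer_verified = False

    def challenge(self) -> bytes:
        """Issue a fresh nonce; an old proof cannot be replayed against it."""
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def respond(self, peer_name: bytes, peer_nonce: bytes) -> bytes:
        return mac(self.key, self.name, peer_name, peer_nonce)

    def verify(self, peer_name: bytes, proof: bytes) -> bool:
        expected = mac(self.key, peer_name, self.name, self.nonce)
        self.peer_verified = hmac.compare_digest(expected, proof)
        return self.peer_verified


def mutual_handshake(client: Party, server: Party) -> tuple:
    """Returns (client_trusts_server, server_trusts_client)."""
    nonce_c = client.challenge()                    # 1. client -> server: nonce_c
    nonce_s = server.challenge()                    # 2. server -> client: nonce_s, proof_s
    proof_s = server.respond(client.name, nonce_c)
    if not client.verify(server.name, proof_s):     # client authenticates the server first
        return (False, False)                       # and stops: no proof is given to an impostor
    proof_c = client.respond(server.name, nonce_s)  # 3. client -> server: proof_c
    server_ok = server.verify(client.name, proof_c)  # server authenticates the client
    return (True, server_ok)


if __name__ == "__main__":
    print(mutual_handshake(Party("client", SHARED_KEY), Party("server", SHARED_KEY)))
    print(mutual_handshake(Party("client", SHARED_KEY), Party("server", b"wrong-key")))
```

Contrast this with option B in the question: there the server proves itself with a certificate, but the user only presents a password, so only one direction is a challenge-response proof of a secret.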


Alice, a marketing manager, called the IT help desk because she could not log in to the mail server. Because of her heavy workload, she intends to give her username and password to the IT support staff and ask them to call her back once they have fixed the problem. Which of the following attacks is Alice most likely to suffer from if she does so?
A. Phishing 
B. Identity theft
C. Social engineering
D. Security awareness training


You are concerned with stealthy threat actors, which may be nation-states or state-sponsored groups, that gain unauthorized access to organizational networks and remain undetected for an extended period to conduct large-scale targeted intrusions for specific goals. Which of the following is the best way to discover and hunt this type of attack?
A. Have security analysts conduct analysis with data from various sources
B. Create microsegments and establish a software-defined perimeter
C. Implement an anomaly-based intrusion prevention system
D. Install a hardened padded cell with anonymized data to observe attackers
