Zero Trust employs data-centric access control and abandons the reliance on the physical perimeter. Which of the following least supports and aligns with Zero Trust? (Wentz QOTD)
A. DMZ or demilitarized zone
B. Software-defined networking (SDN)
C. Software-defined perimeter (SDP)
D. Overlay network
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. DMZ or demilitarized zone.
A DMZ, or demilitarized zone, is a legacy zone controlled by a firewall. Zones are separate security domains, and network traffic between them is inspected and mediated by the firewall. Zero Trust, however, relies on data-centric access control instead of the network perimeter.
Data-centric access control mediates dispersed requests from various sources, even worldwide. The legacy network boundary or perimeter, e.g., Castle and Moat, is not flexible enough to support today's complex distributed networks and business dynamics. Zero Trust instead relies on software-defined perimeters/networks and/or overlay networks to support data-centric access control, which is a core concept of Zero Trust.