CISSP PRACTICE QUESTIONS – 20211211

Effective CISSP Questions

Zero Trust employs data-centric access control and abandons the reliance on the physical perimeter. Which of the following least supports and aligns with Zero Trust? (Wentz QOTD)
A. DMZ or demilitarized zone
B. Software-defined networking (SDN)
C. Software-defined perimeter (SDP)
D. Overlay network

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. DMZ or demilitarized zone.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Zero Trust as Access Control 2.0

A DMZ, or demilitarized zone, is a legacy zone controlled by a firewall. Zones are separate security domains controlled by a firewall, and network traffic between zones is inspected and mediated by that firewall. Zero Trust, however, relies on data-centric access control instead of the network perimeter.

Data-centric access control mediates dispersed requests from various sources, potentially from anywhere in the world. A legacy network boundary or perimeter, e.g., Castle and Moat, is not flexible enough to support today's complex distributed networks and business dynamics. Zero Trust instead relies on a software-defined perimeter, software-defined networking, and/or overlay networks to support data-centric access control, which is one of its core concepts.

Evolvement of Zero Trust Concepts
Castle and Moat
SDN Architecture (Credit: Dargahi, Tooska, et al.)
SDP Architecture
VXLAN





