An organization wants to implement a security model that requires all users and devices, whether inside or outside the network, to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data. Which of the following models best meets this requirement?
The Zero Trust Model is a security framework that requires all users and devices, regardless of their location, to be authenticated, authorized, and continuously verified before accessing resources. This approach operates on the principle of "never trust, always verify," ensuring that no implicit trust is granted to assets based solely on their network location. The Least Privilege Model limits user access rights to only what is necessary for their job functions but does not require continuous validation. Defense in Depth is a layered security strategy that uses multiple defenses but doesn't inherently require continuous authentication and authorization. Discretionary Access Control allows data owners to set access permissions but doesn't enforce continuous validation of users and devices.