As a Policy Administrator in a zero trust environment, you are given the task of verifying and updating access control policies. A senior developer needs to access a secure development environment that contains sensitive code repositories. The developer already has multi-factor authentication (MFA) enabled. To adhere to the principles of zero trust, what additional action should you take before granting them access?
Enable multi-factor authentication (MFA) for the developer
Verify the user's recent activity for anomalies
Restrict the developer's access to the environment strictly during office hours
Move the code repository to a less secure environment to avoid access issues
In a zero trust environment, trust is never assumed, so every request must be continuously validated as if it originated from an untrusted network. Verifying the user's recent activity for anomalies ensures that the request hasn't been made by a malicious actor who has compromised the developer's credentials despite MFA being enabled. Enabling MFA is incorrect because it is already implemented for the developer. Moving the code repository to a less secure environment goes against the zero trust principle of 'never trust, always verify' and unnecessarily exposes sensitive resources. Restricting access to office hours does not provide the dynamic, context-aware security evaluation that a zero trust approach requires.