CCZT Online Practice Questions and Answers

Questions 4

How can ZTA planning improve the developer experience?

A. Streamlining access provisioning to deployment environments.

B. Require deployments to be grouped into quarterly batches.

C. Use of a third-party tool for continuous integration/continuous deployment (CI/CD) and deployments.

D. Disallowing DevOps teams access to the pipeline or deployments.

Questions 5

What is a server exploitation threat that SDP features (server isolation, single packet authorization [SPA], and dynamic drop-all firewalls) protect against?

A. Certificate forgery attacks

B. Denial of service (DoS)/distributed denial of service (DDoS) attacks

C. Phishing attacks

D. Domain name system (DNS) poisoning attacks

Questions 6

To respond quickly to changes while implementing ZT Strategy, an organization requires a mindset and culture of

A. learning and growth.

B. continuous risk evaluation and policy adjustment.

C. continuous process improvement.

D. project governance.

Questions 7

Which element of ZT focuses on the governance rules that define the "who, what, when, how, and why" aspects of accessing target resources?

A. Policy

B. Data sources

C. Scrutinize explicitly

D. Never trust, always verify

Questions 8

Of the following options, which risk/threat does SDP mitigate by mandating micro-segmentation and implementing least privilege?

A. Identification and authentication failures

B. Injection

C. Security logging and monitoring failures

D. Broken access control

Questions 9

In a ZTA, what is a key difference between a policy decision point (PDP) and a policy enforcement point (PEP)?

A. A PDP measures incoming signals against a set of access determination criteria. A PEP uses incoming signals to open or close a connection.

B. A PDP measures incoming signals and makes dynamic risk determinations. A PEP uses incoming signals to make static risk determinations.

C. A PDP measures incoming control plane authentication signals. A PEP measures incoming data plane authorization signals.

D. A PDP measures incoming signals in an untrusted zone. A PEP measures incoming signals in an implicit trust zone.

Questions 10

At which layer of the open systems interconnection (OSI) model does network access control (NAC) typically operate? Select the best answer.

A. Layer 6, the presentation layer

B. Layer 2, the data link layer

C. Layer 3, the network layer

D. Layer 4, the transport layer

Questions 11

Network architects should consider __________ before selecting an SDP model.

Select the best answer.

A. leadership buy-in

B. gateways

C. their use case

D. cost

Questions 12

During the monitoring and analytics phase of ZT transaction flows, organizations should collect statistics and profile the behavior of transactions. What does this support in the ZTA?

A. Creating firewall policies to protect data in motion

B. A continuous assessment of all transactions

C. Feeding transaction logs into a log monitoring engine

D. The monitoring of relevant data in critical areas

Questions 13

When preparing to implement ZTA, some changes may be required. Which of the following components should the organization consider as part of their checklist to ensure a successful implementation?

A. Vulnerability scanning, patch management, change management, and problem management

B. Organization's governance, compliance, risk management, and operations

C. Incident management, business continuity planning (BCP), disaster recovery (DR), and training and awareness programs

D. Visibility and analytics integration and services accessed using mobile devices

Questions 14

When kicking off ZT planning, what is the first step for an organization in defining priorities?

A. Determine current state

B. Define the scope

C. Define a business case

D. Identifying the data and assets

Questions 15

SDP incorporates single-packet authorization (SPA). After successful authentication and authorization, what does the client usually do next? Select the best answer.

A. Generates an SPA packet and sends it to the initiating host.

B. Generates an SPA packet and sends it to the controller.

C. Generates an SPA packet and sends it to the accepting host.

D. Generates an SPA packet and sends it to the gateway.

Questions 16

Which of the following is a required concept of single packet authorizations (SPAs)?

A. An SPA packet must be digitally signed and authenticated.

B. An SPA packet must self-contain all necessary information.

C. An SPA header is encrypted and thus trustworthy.

D. Upon receiving an SPA, a server must respond to establish secure connectivity.

Questions 17

To ensure an acceptable user experience when implementing SDP, a security architect should collaborate with IT to do what?

A. Plan to release SDP as part of a single major change or a "big-bang" implementation.

B. Model and plan the user experience, client software distribution, and device onboarding processes.

C. Build the business case for SDP, based on cost modeling and business value.

D. Advise IT stakeholders that the security team will fully manage all aspects of the SDP rollout.

Questions 18

Which of the following is a potential outcome of an effective ZT implementation?

A. Regular vulnerability scanning

B. A comprehensive catalogue of all transactions, dependencies, and services with associated IDs

C. Deployment of traditional firewall solutions

D. Adoption of biometric authentication

Exam Code: CCZT
Exam Name: Certificate of Competence in Zero Trust (CCZT)
Last Update: Mar 19, 2025
Questions: 60 Q&As