Home »
Cyber Security
Zero Trust Security Model (+MCQs)
By Vanka Manikanth, on April 12, 2020
What is Zero Trust Security Model?
The original Zero Trust model was developed by Forrester in 2010, but not fully incorporated until Google successfully developed and implemented their version of Zero Trust, Beyond Corp, almost six years later. Let's understand what exactly the Zero Trust model is and what it means to implement one?
In this security landscape who and what you trust is key to your security, privacy, and anonymity.
The less you trust the lower your risk. If you want to minimize the risk do not trust even yourself unless you make sure what you are doing with multiple checks this is what the Zero Trust Model.
To protect your asset we have to make choices about trust. We have to select the Operating system. Software, encryption process, storage management, Internet service provider, password manager, etc. Evaluate instead of having trust, because there is no such 100 percent security and 0 percent risk. Everything represents some level of risk some acceptable while some not. We can mitigate the risk by distributing trust.
In simple words, Zero Trust is a security model centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. Micro-segmentation has to be followed- giving minimal access to specific modules. It is effective for mobile and cloud apps
Before Zero Trust we have Castle and Moat Security where Access will be given to full modules for authenticated users
Let us understand deep about it.
Suppose you wanted to store files or sync all your data into cloud storage like dropbox, syncing service. You should not trust that it will not get hacked; you should not trust your data will not be modified. So you have to take a risk choice or assessment basing upon the Zero Trust Model. Ask yourself how important the data is for you? If it is more important then have a backup at a separate location and encrypt the files with the key which you alone have. This way you are distributing the trust to alternatives to add up layers of security to your confidential information.
Zero Trust Security Model MCQs
1) Can we trust Internet?
- Yes why not
- No, it has some risks we must be aware of our actions
- Not sure
Correct answer: 2
No, it has some risks we must be aware of our actions
3) Its good to provide all the admin control access to every employee so that they will not waste time on specific requests
- True
- False
- Not sure
Correct answer: 2
False
False, insiders or outsiders least privileges are always good.
4) Before catastrophic breaches its good practice to have Zero Trust Model
- Yes
- Not required
- I dont think so
5) Zero Trust Security Model/Architecture should be built on trusting users,networks and sensitive access resources.
- Yes
- No
- Its not required to have Zero Trust Model
Correct answer: 2
No
No, a detail steps has to be implemented so that trust is distributed and verified everytime
6) Micro Segmentation is a
- Approach to provide minimal access
- No minimal access
- Not Sure
Correct answer: 1
Approach to provide minimal access
7) Micro segmentation is not an effective way for Mobile Apps
- True
- False
- Not sure
Correct answer: 2
False
False, asking everytime a verification/authentication is very much required in the case of Mobiles, because our Mobile has all private data.
8) Before Zero Trust we have
- Castle and Moat Security
- Castle and Mobile Security
- Not sure
Correct answer: 1
Castle and Moat Security
9) Which Security Model gives Access to full modules for authenticated users
- Zero Trust
- Castle and Moat Security
- Not sure
Correct answer: 2
Castle and Moat Security
10) Zero Trust model was developed by _____________ in 2010.
- Yes
- Forrester
- Not sure
Correct answer: 2
Forrester