New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA CS0-003 Exam - Topic 3 Question 38 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 38
Topic #: 3
[All CS0-003 Questions]

An organization is planning to adopt a zero-trust architecture. Which of the following is most aligned with this approach?

Show Suggested Answer Hide Answer
Suggested Answer: A

Comprehensive and Detailed Step-by-Step

Network segmentation supports zero-trust principles by ensuring sensitive systems are isolated and access is restricted based on identity, role, and context. Unlike traditional models, zero-trust architecture does not automatically trust authenticated users or internal network traffic. It enforces strict access controls to minimize risk.


CompTIA CySA+ Study Guide (Chapter 2: Zero Trust and Network Segmentation, Page 52)

CompTIA CySA+ Objectives (Domain 1.1 - Zero Trust Architecture)

by Ty at Jan 22, 2025, 10:38 AM

Limited Time Offer

25%

Off

Get Premium CS0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dong
3 months ago
Wait, are we really trusting users after just one MFA? That sounds sketchy!
upvoted 0 times
...
Owen
3 months ago
D is a big no, trusting internal traffic is against zero-trust principles.
upvoted 0 times
...
Corinne
3 months ago
C seems risky, just because they authenticate once doesn’t mean they’re safe.
upvoted 0 times
...
Mabel
4 months ago
I think B makes more sense, whitelisting is key!
upvoted 0 times
...
Wilda
4 months ago
A is definitely the way to go for zero-trust.
upvoted 0 times
...
Reta
4 months ago
I feel like D is definitely not aligned with zero-trust. Trusting internal communications just seems counterintuitive to the whole concept.
upvoted 0 times
...
Owen
4 months ago
I practiced a question similar to this, and I think trusting users after they authenticate once doesn't align with zero-trust principles. So, I’d lean away from C.
upvoted 0 times
...
Tegan
4 months ago
I'm not entirely sure, but I think whitelisting IPs could be part of a zero-trust strategy too. Maybe B is worth considering?
upvoted 0 times
...
Nickolas
5 months ago
I remember studying network segmentation as a key principle of zero-trust. It seems like A might be the right choice.
upvoted 0 times
...
Edda
5 months ago
Okay, I think I've got this. Zero-trust is about verifying access, not just network segmentation. So I'm going to go with option B, whitelisting specific IPs.
upvoted 0 times
...
Corazon
5 months ago
I'm pretty sure zero-trust is about not relying on network boundaries, so option D about trusting internal traffic doesn't seem right. I'm leaning towards A or B.
upvoted 0 times
...
Elbert
5 months ago
Hmm, I'm a bit confused. Zero-trust means verifying everything, right? So maybe option C about trusting users after MFA is the best answer.
upvoted 0 times
...
Muriel
5 months ago
This question seems straightforward. I think the zero-trust approach is about not automatically trusting anything, so option A seems most aligned with that.
upvoted 0 times
...
Valentin
1 year ago
I still think A) Network segmentation is the best choice for zero-trust architecture.
upvoted 0 times
...
Ozell
1 year ago
I see your point, Adell. Whitelisting can help, but network segmentation is more comprehensive in enforcing zero-trust.
upvoted 0 times
...
Arlette
1 year ago
Trusting internal traffic? That's like letting the fox guard the henhouse. Zero-trust all the way, baby!
upvoted 0 times
Isabelle
11 months ago
A) Network segmentation to separate sensitive systems from the rest of the network.
upvoted 0 times
...
Carey
11 months ago
Trusting internal traffic is risky. Zero-trust is the way to go!
upvoted 0 times
...
Janine
11 months ago
C) Trusting users who successfully authenticate once with multifactor authentication.
upvoted 0 times
...
Genevive
11 months ago
B) Whitelisting specific IP addresses that are allowed to access the network.
upvoted 0 times
...
Kenny
12 months ago
B) Whitelisting specific IP addresses that are allowed to access the network.
upvoted 0 times
...
Glendora
12 months ago
A) Network segmentation to separate sensitive systems from the rest of the network.
upvoted 0 times
...
Ernie
12 months ago
A) Network segmentation to separate sensitive systems from the rest of the network.
upvoted 0 times
...
...
Adell
1 year ago
But what about option B) Whitelisting specific IP addresses? Wouldn't that also align with zero-trust?
upvoted 0 times
...
Valentin
1 year ago
I agree with Ozell, because zero-trust architecture requires segmenting sensitive systems.
upvoted 0 times
...
Kathrine
1 year ago
Ah, the classic network segmentation approach. It's like building a firewall around your sensitive data - except the firewall is made of Swiss cheese.
upvoted 0 times
Audria
12 months ago
D) Automatically trusting internal network communications over external traffic.
upvoted 0 times
...
Nickie
12 months ago
C) Trusting users who successfully authenticate once with multifactor authentication.
upvoted 0 times
...
Stefany
12 months ago
B) Whitelisting specific IP addresses that are allowed to access the network.
upvoted 0 times
...
Craig
12 months ago
A) Network segmentation to separate sensitive systems from the rest of the network.
upvoted 0 times
...
...
Ozell
1 year ago
I think the answer is A) Network segmentation.
upvoted 0 times
...
Willetta
1 year ago
Option C is the way to go! I mean, who needs constant verification when you've got that sweet sweet MFA?
upvoted 0 times
Roxane
1 year ago
User 3: Option C is convenient, but I think network segmentation is more secure in the long run.
upvoted 0 times
...
Shala
1 year ago
User 2: I agree, keeping sensitive systems separate is crucial for security.
upvoted 0 times
...
Fallon
1 year ago
User 1: I think option A is the best choice. Network segmentation is key for zero-trust.
upvoted 0 times
...
...

Save Cancel