New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CSA CCZT Exam - Topic 1 Question 11 Discussion

Actual exam question for CSA's CCZT exam
Question #: 11
Topic #: 1
[All CCZT Questions]

In SaaS and PaaS, which access control method will ZT help define

for access to the features within a service?

Show Suggested Answer Hide Answer
Suggested Answer: B

ABAC is an access control method that uses attributes of the requester, the resource, the environment, and the action to evaluate and enforce policies. ABAC allows for fine-grained and dynamic access control based on the context of the request, rather than predefined roles or privileges. ABAC is suitable for SaaS and PaaS, where the features within a service may vary depending on the customer's needs, preferences, and subscription level. ABAC can help implement ZT by enforcing the principle of least privilege and verifying every request based on multiple factors.

Reference=

Attribute-Based Access Control (ABAC) Definition

General Access Control Guidance for Cloud Systems

A Guide to Secure SaaS Access Control Within an Organization


by Lili at Mar 21, 2024, 12:02 AM

Limited Time Offer

25%

Off

Get Premium CCZT Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Laurel
3 months ago
Surprised to see ABAC as the answer!
upvoted 0 times
...
Cecil
3 months ago
I thought ZT was more about PBAC.
upvoted 0 times
...
Emilio
3 months ago
Wait, isn't RBAC still more common?
upvoted 0 times
...
Lashanda
4 months ago
Definitely ABAC! Makes the most sense.
upvoted 0 times
...
Ronna
4 months ago
I'm pretty sure it's ABAC.
upvoted 0 times
...
Sharika
4 months ago
I’m leaning towards ABAC since it seems to align with the dynamic nature of access in SaaS and PaaS environments.
upvoted 0 times
...
Kristel
4 months ago
I feel like DBAC could be relevant too, but I can't recall if it's specifically tied to ZT frameworks.
upvoted 0 times
...
Ernest
4 months ago
I remember practicing a question about RBAC, but I'm not sure if it fits with Zero Trust principles.
upvoted 0 times
...
France
5 months ago
I think ZT stands for Zero Trust, which might relate to ABAC since it focuses on attributes rather than roles.
upvoted 0 times
...
Celeste
5 months ago
Based on my understanding of Zero Trust principles, I think the answer is B - Attribute-based access control (ABAC). Zero Trust focuses on verifying user and device attributes to determine access, rather than relying on static roles or privileges. So ABAC seems like the access control method that would be most aligned with Zero Trust.
upvoted 0 times
...
Janessa
5 months ago
I'm a bit confused by the wording of this question. It's asking which access control method ZT will help define, but the options seem to be the different access control models themselves. I'm not sure if I'm missing something here. Maybe I should review my notes on Zero Trust and access control again.
upvoted 0 times
...
Franklyn
5 months ago
Okay, let me see if I can break this down. Zero Trust is all about verifying user identity and device posture before granting access, right? So it makes sense that it would help define an attribute-based access control model, where access is granted based on user and device attributes. I'm feeling more confident about B as the answer.
upvoted 0 times
...
Art
5 months ago
Hmm, I'm a bit unsure about this one. I know Zero Trust is about verifying access based on various factors, but I'm not entirely clear on how that relates to the different access control models. I'll have to think this through carefully.
upvoted 0 times
...
Eden
5 months ago
I'm pretty sure this is asking about access control methods that Zero Trust (ZT) helps define in SaaS and PaaS environments. Based on my understanding, the correct answer is B - Attribute-based access control (ABAC).
upvoted 0 times
...
Quentin
5 months ago
I'm a little confused by the wording of the question. Is the merchant looking to create a new product called "Our Top Combo" that contains the four existing products, or are they just trying to group the four products together in some way? I'll need to re-read the question carefully to make sure I understand the requirement.
upvoted 0 times
...
Cary
5 months ago
I'm a bit confused by all the different organizations and their relationships. I'll need to make sure I fully grasp the context before trying to answer the question.
upvoted 0 times
...
Glen
5 months ago
I'm feeling pretty confident about this one. Based on the question and the properties, I think option D is the right answer.
upvoted 0 times
...
Leota
2 years ago
That's true, PBAC could provide specific privileges to different users.
upvoted 0 times
...
Elliott
2 years ago
I think privilege-based access control (PBAC) might be useful for more granular control.
upvoted 0 times
...
Jonell
2 years ago
RBAC could work well too, especially for defining roles within a service.
upvoted 0 times
...
Reuben
2 years ago
I believe role-based access control (RBAC) could also be a good option.
upvoted 0 times
...
Leota
2 years ago
I agree, ABAC seems like the most flexible method for controlling access.
upvoted 0 times
...
Jonell
2 years ago
I think ZT will help define attribute-based access control (ABAC) for access.
upvoted 0 times
...
Joseph
2 years ago
I believe ZT will help define access using ABAC to more granularly control features.
upvoted 0 times
...
Ethan
2 years ago
I'm not sure, I think it could also be C) Role-based access control (RBAC).
upvoted 0 times
...
Serina
2 years ago
I agree, ABAC makes sense for defining access in SaaS and PaaS.
upvoted 0 times
...
Kassandra
2 years ago
I think the answer is B) Attribute-based access control (ABAC).
upvoted 0 times
...

Save Cancel