CSA Exam CCZT Topic 3 Question 41 Discussion

Actual exam question for CSA's CCZT exam

Question #: 41
Topic #: 3

[All CCZT Questions]

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

APolicy

BData sources

CScrutinize explicitly

DNever trust, always verify
Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.
Reference=
Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2
What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''
Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9
[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''

Show Suggested Answer

Suggested Answer: A

by Denae at Jul 03, 2025, 09:34 PM

Limited Time Offer

25%

10 days ago

Policy is clearly the right answer here. It's the foundation that defines all the access rules and controls in a Zero Trust architecture. I'm confident this is the correct choice.

upvoted 0 times

...