Question 35
Domain 2: Data Protection and Identity Security
In a Zero Trust architecture for cloud environments, which principle is MOST fundamental?
Correct answer: B
Explanation
Zero Trust is built on the principle of "never trust, always verify," meaning every access request must be authenticated and authorized each time. This applies "regardless of network location," so being inside the cloud or corporate network does not grant implicit trust.
Why each option is right or wrong
A. Trust but verify for internal network traffic
B. Never trust, always verify, regardless of network location
Zero Trust is defined in NIST SP 800-207 as an architecture that eliminates implicit trust based on network location and requires continuous verification of every access request. The core principle is that access decisions are made using identity, device, and context signals each time, rather than granting trust because a user or workload is inside a perimeter or cloud subnet.
C. Implicit trust for corporate-managed devices
D. Trust based solely on user credentials