Quiz | Zero trust — Part 2

Answers revealed in an upcoming e-newsletter

QUIZ

Now that we covered the bases of zero trust security in Part 1, let’s dive into the specifics. Keep in mind that, while a high score is something to celebrate, cyber vigilance isn’t something that’s achieved once — it must be maintained. Find out where you stand right now with this quiz.

By Amy Al-Katib

1. "Never trust, always verify" means:

a) Always trust user credentials
b) Always deny access for everyone
c) Always verify the identity and trustworthiness of users and devices
d) Always trust internal network traffic

2. Multifactor authentication (MFA) enhances zero trust security by:

a) easing restrictions on access.
b) providing user passwords.
c) adding an extra layer of security for user authentication.
d) conducting internal audits.

3. In zero trust security, "device trust" is:

a) Trusting all devices.
b) Ensuring devices are securely configured and free from threats.
c) Verifying make and model.
d) Using only proprietary devices.

4. How is zero trust usually implemented?

a) Firewalls
b) Username and password combinations
c) Intrusion detection systems
d) Zero Trust Network Access (ZTNA)

5. How does ZTNA differ from traditional VPNs?

a) VPNs provide the most secure access.
b) ZTNA provides unrestricted access for any internet user.
c) VPNs rely on trust-based models.
d) They both follow a least privilege model.

6. In what ways does zero trust security protect against insider threats?

a) It doesn’t.
b) Employees are automatically considered trusted.
c) Internal access is monitored and limited.
d) Only outside threats are considered.

7. When implementing zero trust, _____ could be a challenge.

a) longer passwords
b) resistance to change
c) increased cyber risks
d) a limited number of usernames

8. Organizations planning to transition to zero trust should:

a) Focus on more physical security.
b) Provide the same level of access to all employees.
c) Consider a gradual approach to adoption and culture change.
d) Design a more complex network to make it more difficult to breach.

9. The _____ sets the standards for cybersecurity and information security in the U.S.

a) International Organization for Standardization (ISO)
b) Institute of Electrical and Electronics Engineers (IEEE)
c) National Institute of Standards and Technology (NIST)
d) Federal Bureau of Investigation (FBI)

10. In a zero trust model, what should be the default approach to network security?

a) Trust all traffic and devices
b) Verify and trust all internal traffic
c) Trust nothing, verify everything
d) Trust only external devices and traffic


December 2023
