In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?
In the Five-Step Methodology of Zero Trust, application access and user access are defined in Step 4: Create the Zero Trust Policy. This step involves developing and enforcing policies that specify who can access what resources under specific conditions, ensuring access is granted based on the principle of least privilege.
In Step 4 you define the security policy based on the Kipling method, which is equivalent to defining user and application access. Step 2 is about defining the flow between users and application/data. Step 3 is about designing the solution and placing the firewalls for micro-segmentation.
I think the correct answer would be Step 2.
The link to missing step 2: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-2-map-the-protect-surface-transaction-flows
It is step 2, agree with Pretorian comment below. I guess this is a transfer error.
Application access and user access are defined in: 4. Create the Zero Trust Policy. This step involves developing and enforcing policies that specify who can access what resources under what conditions, ensuring that access is granted based on the principle of least privilege.
I believe this question needs to be reviewed: should be Step 2: Map and Verify Transactions. https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-2-map-the-protect-surface-transaction-flows#id322db094-7ed0-4bcf-a663-58b450d1260c Step 2: Map and Verify Transactions: Map the transactions between users, applications, and data, so that you can verify and inspect those transactions. Map: Which applications have access to which critical data. Which users have access to those applications. Which users and applications have access to which infrastructure. Step 4 is Implementation: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-4-implementation#id8af03732-03e2-404a-9030-dfb63dfabffd
https://lightstream.io/the-5-step-model-to-implementing-zero-trust/
B. Step 3: Architect a Zero Trust Network. In Step 3 of the Five-Step Methodology of Zero Trust, application access and user access are defined.
Shouldn't it be Step 3? Step 3 is design according to Palo Alto: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-3-standards-and-designs#id80d888c0-c2bf-4ab1-9e74-e628d6cc3580 Also, there is another question 50 which has step 4 as the solution. Why should they include two questions with the same answer?
It's actually "Step 2: Map and Verify Transactions" (not an option) from the document you shared: "Map the transactions between users, applications, and data, so that you can verify and inspect those transactions. Map: Which applications have access to which critical data. Which users have access to those applications. Which users and applications have access to which infrastructure."