In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?
In the Five-Step Methodology of Zero Trust, application access and user access are defined in Step 4: Create the Zero Trust Policy. This step involves developing and enforcing policies that specify who can access what resources under specific conditions, ensuring access is granted based on the principle of least privilege.
In Step 4 you define the security policy based on the Kipling method, which is equivalent to defining user and application access. Step 2 is about defining the flow between users and application/data. Step 3 is about designing the solution and placing the firewalls for micro-segmentation.
It is step 2, agree with Pretorian comment below. I guess this is a transfer error.
The link to missing step 2: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-2-map-the-protect-surface-transaction-flows
I think the correct answer would be Step 2.
Shouldn't it be Step 3? Step 3 is design according to Palo Alto: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-3-standards-and-designs#id80d888c0-c2bf-4ab1-9e74-e628d6cc3580 Also, there is another question 50 which has step 4 as the solution. Why should they include two questions with the same answer?
It's actually "Step 2: Map and Verify Transactions" (not an option) from the document you shared: "Map the transactions between users, applications, and data, so that you can verify and inspect those transactions. Map: Which applications have access to which critical data. Which users have access to those applications. Which users and applications have access to which infrastructure."
B. Step 3: Architect a Zero Trust Network. In Step 3 of the Five-Step Methodology of Zero Trust, application access and user access are defined.
https://lightstream.io/the-5-step-model-to-implementing-zero-trust/
I believe this question needs to be reviewed: should be Step 2: Map and Verify Transactions. https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-2-map-the-protect-surface-transaction-flows#id322db094-7ed0-4bcf-a663-58b450d1260c Step 2: Map and Verify Transactions. Map the transactions between users, applications, and data, so that you can verify and inspect those transactions. Map: Which applications have access to which critical data. Which users have access to those applications. Which users and applications have access to which infrastructure. Step 4 is Implementation: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-4-implementation#id8af03732-03e2-404a-9030-dfb63dfabffd
Application access and user access are defined in: 4. Create the Zero Trust Policy. This step involves developing and enforcing policies that specify who can access what resources under what conditions, ensuring that access is granted based on the principle of least privilege.