A (Encryption + strong authentication) aligns most closely with Zero Trust’s emphasis on always verifying identity and protecting data as it moves across untrusted networks.

Data-in-motion encryption ensures confidentiality, and two-factor authentication ensures strict identity verification.

Why other options are incorrect:

B: Data-at-rest encryption is important but not as critical as controlling data in motion for Zero Trust.

C: Categorization helps in segmentation but is not the core Zero Trust principle.

D: High availability is a design requirement, not the primary Zero Trust security control.

—