The best answer is C. Granting resource access after continuous validation.

Zero Trust architecture is based on the principle of never trust, always verify. Access should not be granted simply because a user or device is inside the network or was authenticated once earlier. Instead, access decisions should be based on continuous validation of identity, device health, context, and other relevant factors.

This means users and devices are evaluated repeatedly and granted only the minimum access necessary.

Why the other options are incorrect:

A. Building strong network boundaries to prevent intrusionThis reflects a traditional perimeter-based security model, not Zero Trust.

B. Verifying user identity once at the start of the sessionZero Trust does not rely on one-time authentication alone. It emphasizes ongoing verification.

D. Prioritizing perimeter defense to block external threatsAgain, this focuses on perimeter security rather than continuous, identity- and context-based access control.

From a Security+ perspective, Zero Trust is best represented by continuous validation before and during access, which makes C correct.