Assessing, calculating, and delivering a risk score is: (Select 2)
A. An assessment of inline and out-of-band network traffic.
B. A review of known configuration, and the absence of other configuration details, of cloud-hosted services in relation to best practices, industry standards, and compliance models to ensure misconfigurations, issues, and vulnerabilities are understood and highlighted.
C. An assessment of the content, not just the connection, of services, so that malicious functions are not downloaded and protected information is not lost.
The correct answers are A and B. In Zero Trust architecture, risk scoring is broader than a simple connection decision. It is derived from multiple forms of context and telemetry so that policy can adapt based on changing conditions. Option A is correct because risk can be informed by both inline observations and out-of-band analysis. This reflects the Zero Trust principle of continuous assessment rather than one-time trust establishment.
Option B is also correct because modern risk evaluation includes the security posture of cloud-hosted services, including known configuration weaknesses, missing controls, misconfigurations, compliance gaps, and other exposures. This aligns with Zero Trust thinking because access and trust decisions should account for more than identity alone; they should also reflect the security condition of the service being accessed.
Option C describes content inspection and data protection, which are critical controls, but that is not the best definition of calculating and delivering a risk score. Option D is incorrect because Zero Trust risk is not only about initiator context. It also considers application, service, transaction, and environmental conditions. Therefore, the two correct answers are A and B.