Comprehensive and Detailed Explanation From Exact Extract:
A. Least privilege – This Zero Trust principle grants users access only to the resources their job role requires. Role-based access control (RBAC), as mentioned in the scenario, is the textbook implementation of least privilege, provided the roles themselves are scoped narrowly rather than being broad catch-all groups.
C. Microsegmentation – Deploying the application in a /30 (192.168.77.32/30: network address .32, broadcast .35, usable hosts .33 and .34 only) leaves room for at most one other host in the segment, so a compromised application has no broadcast-domain neighbours to pivot to without crossing a policy boundary. This is the defining characteristic of microsegmentation: resources are placed in small, tightly controlled segments with granular policy between them. Note that the small subnet is the evidence the scenario gives, not the enforcement itself; in practice the segment boundary must still be paired with a firewall, ACL, or host-based policy that restricts what crosses it.
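To make the /30 arithmetic behind option C concrete, the following is an added example (not part of the original explanation or the study guide) that computes the network, broadcast, and usable-host range for a CIDR block and counts how many other hosts could share a segment with the application. The segment list and the host address 192.168.77.33 are constructed for illustration; the /24 is included only to contrast a conventional subnet with the /30 from the scenario.

```python
import ipaddress

# Constructed sample inputs: the /30 from the scenario beside a conventional /24,
# to show how much room a neighbour would have in each segment.
SEGMENTS = ["192.168.77.32/30", "192.168.77.0/24"]


def describe_segment(cidr: str) -> dict:
    """Return network, broadcast and usable-host details for an IPv4 CIDR block.

    Usable hosts are computed explicitly (total addresses minus network and
    broadcast) rather than via ipaddress.hosts(), so the /31 and /32 edge cases
    are handled the same way on every Python version.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    total = net.num_addresses
    if net.prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 host routes use every address.
        usable = total
        first, last = net.network_address, net.broadcast_address
    else:
        usable = total - 2
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(first),
        "last_usable": str(last),
        "usable_hosts": usable,
    }


def peers_in_segment(cidr: str, host: str) -> int:
    """Maximum number of other hosts that could sit in the same segment as `host`.

    This is the count of neighbours reachable without crossing a segment boundary,
    i.e. the lateral-movement surface the subnet size alone allows.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    addr = ipaddress.ip_address(host)
    if addr not in net:
        raise ValueError(f"{host} is not inside {cidr}")
    return describe_segment(cidr)["usable_hosts"] - 1


if __name__ == "__main__":
    for cidr in SEGMENTS:
        info = describe_segment(cidr)
        print(f"{cidr}: usable {info['first_usable']}-{info['last_usable']} "
              f"({info['usable_hosts']} hosts), "
              f"neighbours of 192.168.77.33: {peers_in_segment(cidr, '192.168.77.33')}")
```

The /30 yields two usable addresses (.33 and .34), so the application host can have at most one neighbour; the same host inside a /24 would share the segment with 253 others. The count only bounds what the addressing permits; whether that one neighbour can actually reach the application is decided by the policy applied at the segment boundary.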
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Zero Trust Security Architecture”:
“Least privilege enforces access permissions based on job responsibilities.”
“Microsegmentation applies granular isolation policies between resources to reduce the attack surface and lateral movement.”
Other options:
B. Device trust involves assessing device posture and compliance before granting access.
D. CASB (Cloud Access Security Broker) sits between users and cloud/SaaS services to provide visibility, data protection, and policy enforcement for cloud usage; nothing in the scenario (RBAC roles and a /30 subnet) points to one.
E. WAF inspects HTTP(S) traffic for application-layer attacks such as injection; it is a perimeter filtering control and is not the access-control or segmentation evidence described in the scenario.
F. MFA supports identity verification but is not directly evidenced in the scenario.
================================================