Online Access Free CCZT Practice Test

Exam Code:	CCZT
Exam Name:	Certificate of Competence in Zero Trust (CCZT)
Certification Provider:	Cloud Security Alliance
Free Question Number:	62
Posted:	Sep 04, 2025

Rating

100%

Page: 1 / 13
Total 62 questions

Question 1

In a ZTA, what is a key difference between a policy decision point
(PDP) and a policy enforcement point (PEP)?

A.A PDP measures incoming signals against a set of access
determination criteria. A PEP uses incoming signals to open or close a
connection.
B.A PDP measures incoming control plane authentication signals. A
PEP measures incoming data plane authorization signals.
C.A PDP measures incoming signals in an untrusted zone. A PEP
measures incoming signals in an implicit trust zone.
D.A PDP measures incoming signals and makes dynamic risk
determinations. A PEP uses incoming signals to make static risk
determinations.

Question 2

ZTA reduces management overhead by applying a consistent
access model throughout the environment for all assets. What can
be said about ZTA models in terms of access decisions?

A.The traffic of the access workflow must contain all the parameters
for the policy enforcement points.
B.The traffic of the access workflow must contain all the parameters
for the policy decision points.
C.Access revocation data will be passed from the policy decision points to the policy enforcement points.
D.Each access request is handled just-in-time by the policy decision
points.

Question 3

What is a server exploitation threat that SDP features (server isolation, single packet authorization [SPA], and dynamic drop-all firewalls) protect against?

A.Denial of service (DoS)/distributed denial of service (DDoS) attacks
B.Domain name system (DNS) poisoning attacks
C.Phishing attacks
D.Certificate forgery attacks

Question 4

Which component in a ZTA is responsible for deciding whether to
grant access to a resource?

A.The policy engine (PE)
B.The policy administrator (PA)
C.The policy enforcement point (PEP)
D.The policy component

Question 5

Of the following options, which risk/threat does SDP mitigate by
mandating micro-segmentation and implementing least privilege?

A.Security logging and monitoring failures
B.Identification and authentication failures
C.Broken access control
D.Injection

Latest Upload: 105Oracle.1Z0-1057-23.v2025-09-10.q47; 146Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 130SAP.C-S4EWM-2023.v2025-09-08.q83; 148TheSecOpsGroup.CNSP.v2025-09-08.q20; 190CFAInstitute.ESG-Investing.v2025-09-08.q173; 148PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 139Salesforce.Data-Architect.v2025-09-05.q216; 133Adobe.AD0-E605.v2025-09-05.q50; 173Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104