Valid CNX-001 Dumps shared by EduDump.com for Helping Passing CNX-001 Exam! EduDump.com now offer the newest CNX-001 exam dumps, the EduDump.com CNX-001 exam questions have been updated and answers have been corrected get the newest EduDump.com CNX-001 dumps with Test Engine here:
An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host must be deployed on the 192.168.77.32/30 subnet. Which of the following Zero Trust elements are being implemented in this design? (Choose two.)
Correct Answer: A,C
Comprehensive and Detailed Explanation From Exact Extract: A: Least privilege - This Zero Trust principle ensures users can only access the resources necessary for their job roles. Role-based access control (RBAC), as mentioned in the scenario, is a textbook implementation of least privilege. C: Microsegmentation - Deploying the application in a small subnet (192.168.77.32/30 provides only 2 usable host IPs) limits lateral movement and isolates the host at a network level. This is a key characteristic of microsegmentation, where resources are placed in small, tightly controlled network segments. Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Zero Trust Security Architecture": "Least privilege enforces access permissions based on job responsibilities." "Microsegmentation applies granular isolation policies between resources to reduce the attack surface and lateral movement." Other options: * B. Device trust involves assessing device posture and compliance before granting access. * D. CASB (Cloud Access Security Broker) governs cloud access, not access control or subnetting. * E. WAF protects web applications but is not a Zero Trust element directly related to access control. * F. MFA supports identity verification but is not directly evidenced in the scenario.
