What is the function of the rule-based security policies configured on the policy decision point (PDP)?

What is the function of the rule-based security policies configured on the policy decision point (PDP)?
A . Define rules that specify how information can flow
B . Define rules that specify multi-factor authentication (MFA) requirements
C . Define rules that map roles to users
D . Define rules that control the entitlements to assets

View Answer

Answer: D

Explanation:

Rule-based security policies are a type of attribute-based access control (ABAC) policies that define rules that control the entitlements to assets, such as data, applications, or devices, based on the attributes of the subjects, objects, and environment. The policy decision point (PDP) is the component in a zero trust architecture (ZTA) that evaluates the rule-based security policies and generates an access decision for each request.

Reference =

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2 A Zero Trust Policy Model | SpringerLink, section “Rule-Based Policies”

Zero Trust architecture: a paradigm shift in cybersecurity – PwC, section “Security policy and control framework”