Which statement best describes the zero-trust security model?

• A. It assumes all internal traffic is trusted and requires fewer verifications.
• B. A security approach that never automatically trusts any user or device, enforcing continuous verification.
• C. It relies on a single perimeter defense to block external threats.
• D. It primarily focuses on physical security of devices.

Answer: (B)

Zero-trust security hinges on never trusting anyone or anything by default, whether inside or outside the network. Access is not granted automatically; every attempt to reach a resource is authenticated and authorized, and continuously evaluated in context. This means verifying identity, device health, and the circumstances of the request—such as location, time, and behavior—and enforcing least-privilege access with segmentation so that each session has only the permissions it needs. The idea is ongoing verification rather than assuming trust for internal traffic. It also rejects the notion of a single perimeter and isn’t focused on physical device security. That continuous, no-default-trust approach is exactly what the described model embodies.