Module 1 - OLD

Assessment

Quiz

Computers

University

Hard

Created by

Sebastian Zamorano

65 questions

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following statements BEST describes the Control Plane in the Zero Trust model?
Limits potential damage zones in a network.
Decides on access based on policies and threats.
Ensures efficient transmission of approved data.
Employs security decisions based on user behavior.

Answer explanation

OBJ: 1.2 - The Control Plane within the Zero Trust model is fundamentally responsible for deciding on access based on policies and threats, which is a dynamic and multifaceted task. While it does consider user behavior as part of its decision-making process, employing security decisions based on user behavior is only one aspect of its function. Although the Control Plane's decisions can indirectly limit potential damage zones by enforcing segmented access to network resources, its primary role should not be confused with the outcomes of its policy enforcement. The Control Plane does not directly ensure the efficient transmission of data; this is a misconception, as that is the role of the Data Plane.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following terms refers to an authorization model that allows resource owners to grant or deny permissions based on their own judgment?
RBAC
DAC
OTP
(mTLS) authentication

Answer explanation

OBJ: 1.2 - DAC (Discretionary access control) is a model where resource owners have the discretion to determine who can access specific resources and the actions they can perform. Mutual TLS (mTLS) authentication involves both client and server authenticating each other using certificates for secure communication. RBAC (Role-based access control) grants access based on the role of the user, not on the user's individual identity. OTP (One-time password) is an authentication mechanism where a unique password is valid for only one login session.

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following terms refers to the practice of minimizing the potential attack surface within an organization's network?
Zero Trust
Threat scope reduction
Physical security
Gap analysis

Answer explanation

OBJ: 1.2 - Threat scope reduction refers to the proactive steps and strategies taken to reduce the potential areas of attack within a system or network. By limiting the avenues that attackers can exploit, organizations can more effectively secure their assets. Zero Trust is a security concept that advocates for not trusting any entity inside or outside the organization's perimeter by default. It emphasizes the need for continuous verification and validation. A gap analysis identifies the differences between the current state of a system or process and its desired future state, providing a roadmap for achieving those desired outcomes. Physical security focuses on measures designed to protect the physical assets of an organization, such as buildings, devices, and personnel, from harm and unauthorized access.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which characteristic of blockchain technology ensures that the risk associated with having a single point of failure or compromise is mitigated?
Homomorphic encryption
Decentralization
Time-stamping
Digital certificate rotation

Answer explanation

OBJ: 1.4 - One of the most important characteristics of blockchain is its decentralized nature, distributing the ledger across a peer-to-peer network, thus eliminating a single point of failure. Homomorphic encryption allows for computations on ciphertext, without the need for decryption first. Digital certificate rotation is the practice of changing digital certificates at regular intervals. While blockchain blocks often include time stamps, this feature doesn't protect against a singular point of compromise.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Florence is explaining the cryptographic system to her boss. He finds it very confusing and keeps saying that it all seems like smoke and mirrors. He doesn't think that the system can be relied on. Florence then explains that there is a piece of hardware within the system that can be always and completely relied upon, setting up a chain of reliable identities. It is the foundation of the cryptographic system. What is Florence describing?
Root of Trust
Certificate Authorities
Certificate Revocation Lists
Online Certificate Status Protocol

Answer explanation

OBJ: 1.4 - Root of Trust (RoT) is a source that can always be trusted. It is the foundation of a cryptographic system and is the central point of the chain of trust within that system. It can be a piece of hardware (a Hardware Root of Trust) or software-based. It is important in PKI, but it doesn't provide digital certificates. Certificate Authorities (CAs) are trusted entities that issue and manage security credentials and public keys for message encryption. This does not describe the source that can always be trusted within a cryptographic system. Certificate Revocation Lists (CRLs) are lists of certificates that have been revoked by a Certificate Authority before their scheduled expiration date. This does not describe the source that can always be trusted within a cryptographic system. Online Certificate Status Protocol (OCSP) is an internet protocol used for obtaining the revocation status of a digital certificate. This does not describe the source that can always be trusted within a cryptographic system.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following terms refers to ensuring that information remains unchanged from its source and has not been improperly modified?
Availability
Integrity
Authentication
Confidentiality

Answer explanation

OBJ: 1.2 - Integrity ensures that information remains accurate and reliable over its entire life cycle, safeguarding against unauthorized alterations. Authentication confirms the identity of a user or system before granting access to resources. Confidentiality protects information from unauthorized access and disclosure. Availability ensures that systems and data are available to authorized users when they need them.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Albert, an IT technician, must implement a security measure to monitor and control incoming and outgoing network traffic based on predetermined security rules. Which of the following should the technician implement?
Firewall
Background checks
Acceptable use policy
Security awareness training

Answer explanation

OBJ: 1.1 - A Firewall is a technical security control that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It can help prevent unauthorized access to a network or system. Background checks are an administrative security control that involves verifying the identity and history of employees or contractors. While it can help prevent insider threats, it does not directly monitor or control network traffic. An acceptable use policy is an administrative security control that outlines the acceptable use of company resources, including computer systems and networks. While it can help prevent misuse of resources, it does not directly monitor or control network traffic. Security awareness training is an administrative security control that involves educating employees about security threats and how to avoid them. While it is important, it does not directly monitor or control network traffic.
