Exam PSE-SASE topic 1 question 10 discussion

Application access and user access are defined in: 4. Create the Zero Trust Policy This step involves developing and enforcing policies that specify who can access what resources under what conditions, ensuring that access is granted based on the principle of least privilege.

I believe this question needs to be reviewed: should be Step 2: Map and Verify Transactions https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-2-map-the-protect-surface-transaction-flows#id322db094-7ed0-4bcf-a663-58b450d1260c Step 2: Map and Verify Transactions Map the transactions between users, applications, and data, so that you can verify and inspect those transactions. Map: Which applications have access to which critical data. Which users have access to those applications. Which users and applications have access to which infrastructure. Step 4 is Implementation: https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices/zero-trust-best-practices/the-five-step-methodology/step-4-implementation#id8af03732-03e2-404a-9030-dfb63dfabffd

https://lightstream.io/the-5-step-model-to-implementing-zero-trust/

I think the correct answer would be Step 2.

In Step 4 you define the security policy based on the Kipling method, which is equivalent to defining user and application access. Step 2 is about defining the flow between users and application/data. Step 3 is about designing the solution and placing the firewalls for micro segmentation

It is step 2, agree with Pretorian comment below. I guess this is a transfer error.

B. Step 3: Architect a Zero Trust Network In Step 3 of the Five-Step Methodology of Zero Trust, application access and user access are defined.

Shouldn't it be Step 3? Step 3 is design according to Palo Alto: Also, there is another question 50 which has step 4 as the solution. Why should they include two questions with the same answer?