A fundamental principle of Zero Trust is continuous verification and adaptive trust. The system constantly monitors user and device behavior for indicators of risk. If risky behavior is detected, the initiator's trust score is dynamically adjusted. This change in posture triggers a real-time policy response, which can include limiting access to less sensitive applications, blocking access entirely, or redirecting the session to a deception environment for further analysis. This adaptive control contains threats and prevents lateral movement without relying on static network constructs.

A: VLANs are a network-centric control, whereas Zero Trust is identity-centric. Quarantining is also typically dynamic, not permanent.

C: Logging violations in a public database would be a major security and privacy failure, not a control mechanism.

D: Zero Trust is an architectural strategy based on principles, not simply the deployment of security appliances.

1. National Institute of Standards and Technology (NIST). "Special Publication 800-207: Zero Trust Architecture." August 2020. Section 3.3, Tenet 6: "Access to resources is determined by dynamic policy... including the observable state of client identity, application/service, and the requesting asset."

2. Zscaler. "What is Zero Trust?" Zscaler.com. Accessed 2023. (This resource explains that Zero Trust continuously assesses risk to inform policy decisions and adapt access controls dynamically).

3. Zscaler. "ZTCA - Zscaler Zero Trust Certified Architect" courseware, Module 2: "Zero Trust Principles." (This module details the concept of dynamic policy enforcement based on continuous risk assessment).