Questions for the ZDTA were updated on: Nov 21, 2025
Which of the following DLP Notification methods can be used to forward a copy of the data that
triggered the DLP policy to the auditor?
A
Explanation:
The Email Notification Template is the built-in mechanism for forwarding a copy of the exact content
that triggered a DLP rule to your designated auditor via email.
Which Platform Service enables visibility into the headers and payload of encrypted transactions?
B
Explanation:
The TLS Decryption platform service intercepts and decrypts SSL/TLS sessions, granting Zscaler access
to both headers and payloads of encrypted traffic for inspection and policy enforcement.
Zscaler Client Connector checks for software updates automatically at which interval?
C
Explanation:
Zscaler Client Connector automatically checks for software updates every 2 hours by default.
When configuring Zscaler Private Access, what is the function of the Server Group?
A
Explanation:
A Server Group holds the actual backend endpoints - defined by FQDNs (or IPs) and ports - and
effectively maps those FQDNs to their IP addresses so ZPA knows which hosts to steer traffic toward.
In which of the following SaaS apps can you protect data at rest via Zscaler's out-of-band CASB
solution?
C
Explanation:
Zscaler’s out-of-band CASB solution supports data-at-rest protection for cloud storage platforms like
Google Drive, enabling scanning and governance of files stored there.
Which of the following scenarios would generate a “Patient 0” alert?
B
Explanation:
A “Patient 0” alert fires when the first instance of a previously unknown file slips through (under an
“Allow and Scan” first-time action) and is later classified as malicious by the sandbox, identifying that
initial download as the zero-day event.
When configuring Applications to be monitored, what probe types can be created?
D
Explanation:
When you set up application monitoring in ZDX, you can create Web Probes to measure application
performance from the browser and Cloud Path Probes to map and monitor the network path to
those applications.
Which of the following components is installed on an endpoint to connect users to the Zero Trust
Exchange regardless of their location - home, work, while traveling, etc.?
A
Explanation:
The Zscaler Client Connector is the lightweight agent installed on endpoints - whether at home, in
the office, or on the road - to securely forward user traffic into the Zero Trust Exchange.
Layered defense throughout an organization's security platform is valuable because of which of the
following?
A
Explanation:
By deploying multiple, overlapping security controls at different layers, you force adversaries to
overcome each barrier, significantly raising the cost, complexity, and time required for a successful
attack.
You recently deployed an additional App Connector to an existing App Connector Group. What do
you need to do before starting the zpa-connector service?
A
Explanation:
Before you start the zpa-connector service on the new host, you must place the App Connector
Group’s provisioning key into /opt/zscaler/var/provision_key so it can register with the control plane.
For a deployment using both the ZIA and ZPA sets of services, what is the best authentication solution?
C
Explanation:
For a unified, seamless experience - and because ZPA only supports SAML while ZIA’s recommended
authentication is also SAML - you should configure SAML-based SSO on both ZIA and ZPA. This
ensures one consistent identity flow and eliminates multiple credential prompts across the
platforms.
Is SCIM required for ZIA?
C
Explanation:
SCIM is optional for ZIA user provisioning - you can onboard users via manual CSV import, SAML
attributes, or other identity integrations without implementing SCIM.
The Zscaler platform can protect against malicious files, URLs and content based on a number of
criteria including reputation type. What type of checking is virus scanning?
A
Explanation:
Virus scanning in the Zscaler platform is part of its Malware Protection capability, which inspects file
content against known virus signatures and behaviors.
Which feature does Zscaler Client Connector Z-Tunnel 2.0 enable over Z-Tunnel 1.0?
B
Explanation:
Z-Tunnel 2.0 upgrades over 1.0 by carrying all ports and protocols through the Cloud Firewall for
inspection - rather than being limited to just HTTP/HTTPS - ensuring full visibility and control.
What ports and protocols are forwarded to the Zero Trust Exchange when Zscaler Client Connector is
using Tunnel 2.0?
C
Explanation:
Zscaler Client Connector’s Tunnel 2.0 uses a packet-filter-based tunnel that encapsulates all IP traffic -
both TCP and UDP on any port, plus ICMP - to the Zero Trust Exchange.