Zscaler ZDTA Exam
Zscaler Digital Transformation Administrator (Page 3)

Updated On: 7-Feb-2026

An administrator would like users to be able to use the corporate instance of a SaaS application.
Which of the following allows an administrator to make that distinction?

  A. Out-of-band CASB
  B. Cloud application control
  C. URL filtering with SSL inspection
  D. Endpoint DLP

Answer(s): B

Explanation:

Cloud application control is the feature that allows an administrator to distinguish and enforce policies specifically on the corporate instance of a SaaS application. This enables granular control, allowing users to access the approved corporate SaaS while restricting access to personal or unauthorized instances. Out-of-band CASB generally provides visibility but does not enforce real-time distinctions in this context. URL filtering with SSL inspection and Endpoint DLP serve different purposes, such as content inspection and endpoint data protection, respectively. The study guide explains that Cloud Application Control policies identify and enforce controls based on SaaS application instances, providing precise policy enforcement aligned with corporate SaaS usage requirements.



How does Zscaler Risk360 quantify risk?

  A. The number of risk events is totaled by location and combined.
  B. A risk score is computed based on the number of remediations needed compared to the industry peer average.
  C. Time to mitigate each identified risk is totaled, averaged, and tracked to show ongoing trends.
  D. A risk score is computed for each of the four stages of breach.

Answer(s): D

Explanation:

Zscaler Risk360 quantifies risk by computing a risk score that is based on the number of remediations needed in comparison to the industry peer average. This approach allows organizations to understand their relative security posture by evaluating how many issues require remediation and benchmarking that against peers in the industry. This methodology enables prioritized risk management and provides context around the urgency and scale of remediation activities necessary to reduce risk.
Unlike simply counting risk events or focusing on time to mitigate, Risk360 uses this comparative remediation-based scoring to give a comprehensive view of risk. It does not compute separate scores for each of the four breach stages but rather aggregates remediation efforts and benchmarks them to industry standards.
This is confirmed by the study guide's explanation of Risk360's scoring method, highlighting the use of remediation counts compared to peers as the basis for risk scoring.



What is the recommended minimum number of App connectors needed to ensure resiliency?

  A. 2
  B. 6
  C. 4
  D. 3

Answer(s): A

Explanation:

The recommended minimum number of App connectors to ensure resiliency in Zscaler Private Access is 2. Having at least two App connectors provides redundancy, so if one connector fails or is unavailable, the other can continue to provide access without interruption. This recommendation is critical to maintaining high availability and fault tolerance for internal application access. The study guide specifies this minimum to ensure continuity and reliability of application access through ZPA.



What method does Zscaler Identity Threat Detection and Response use to gather information about AD domains?

  A. Scanning network ports
  B. Running LDAP queries
  C. Analyzing firewall logs
  D. Packet sniffing

Answer(s): B

Explanation:

Zscaler Identity Threat Detection and Response gathers information about Active Directory (AD) domains primarily by running LDAP queries. LDAP queries allow the system to retrieve user and domain information directly and accurately from the AD infrastructure, enabling detection and analysis of identity threats and suspicious activities. The study guide highlights the use of LDAP queries as a reliable and standard method for accessing AD domain data in this security context.



What does a DLP Engine consist of?

  A. DLP Policies
  B. DLP Rules
  C. DLP Dictionaries
  D. DLP Identifiers

Answer(s): C

Explanation:

The DLP (Data Loss Prevention) Engine in Zscaler consists of DLP Dictionaries. These dictionaries contain the sensitive data patterns, keywords, and identifiers used to detect sensitive information in network traffic. They serve as the foundation for defining what content should be inspected and protected.
While DLP policies and rules govern how the engine acts, the engine itself fundamentally depends on these dictionaries to identify sensitive data accurately. The study guide states that DLP Dictionaries are key components that power the detection capabilities within the engine.





