Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Zscaler
  3. ZDTA

Zscaler ZDTA Exam (page: 2)
Zscaler Digital Transformation Administrator
Updated on: 24-Mar-2026

Viewing Page 2 of 17
ZDTA PDF 178 Questions

What method does Zscaler Identity Threat Detection and Response use to gather information about AD domains?

  1. Scanning network ports
  2. Running LDAP queries
  3. Analyzing firewall logs
  4. Packet sniffing

Answer(s): B

Explanation:

Zscaler Identity Threat Detection and Response gathers information about Active Directory (AD) domains primarily by running LDAP queries. LDAP queries allow the system to retrieve user and domain information directly and accurately from the AD infrastructure, enabling detection and analysis of identity threats and suspicious activities. The study guide highlights the use of LDAP queries as a reliable and standard method for accessing AD domain data in this security context.



What does a DLP Engine consist of?

  1. DLP Policies
  2. DLP Rules
  3. DLP Dictionaries
  4. DLP Identifiers

Answer(s): C

Explanation:

The DLP (Data Loss Prevention) Engine in Zscaler consists of DLP Dictionaries. These dictionaries contain the sensitive data patterns, keywords, and identifiers used to detect sensitive information in network traffic. They serve as the foundation for defining what content should be inspected and protected.
While DLP policies and rules govern how the engine acts, the engine itself fundamentally depends on these dictionaries to identify sensitive data accurately. The study guide states that DLP Dictionaries are key components that power the detection capabilities within the engine.



A user is accessing a private application through Zscaler with SSL Inspection enabled.
Which certificate will the user see on the browser session?

  1. No certificate, as the session is decrypted by the Service Edge
  2. A self-signed certificate from Zscaler
  3. Real Server Certificate
  4. Zscaler generated MITM Certificate

Answer(s): D

Explanation:

When SSL Inspection is enabled and a user accesses a private application through Zscaler, the user will see a Zscaler generated MITM (Man-In-The-Middle) Certificate on their browser session. Zscaler intercepts and decrypts SSL/TLS traffic at the Service Edge and then re-encrypts it before forwarding it to the client, presenting its own certificate to maintain the security of the connection while enabling inspection.
This allows Zscaler to inspect encrypted traffic for threats and policy enforcement transparently without exposing the original server's certificate. The study guide clarifies this mechanism under SSL Inspection details.



What Malware Protection setting can be selected when setting up a Malware Policy?

  1. Isolate
  2. Bypass
  3. Block
  4. Do Not Decrypt

Answer(s): C

Explanation:

The valid Malware Protection setting selectable when configuring a Malware Policy in Zscaler is Block. This setting instructs the platform to block malicious files or activities detected by malware scanning engines.
Other settings like Isolate or Bypass are not standard malware policy actions in Zscaler's malware protection configuration. The "Do Not Decrypt" option relates to SSL inspection settings, not malware policy actions. The study guide specifies "Block" as the primary malware policy action to enforce protection.



Which are valid criteria for use in Access Policy Rules for ZPA?

  1. Group Membership, ZIA Risk Score, Domain Joined, Certificate Trust
  2. Username, Trusted Network Status, Password, Location
  3. SCIM Group, Time of Day, Client Type, Country Code
  4. Department, SNI, Branch Connector Group, Machine Group

Answer(s): A

Explanation:

Valid criteria for Access Policy Rules in ZPA include Group Membership, ZIA Risk Score, Domain Joined, and Certificate Trust. These attributes allow granular policy decisions based on user identity, device posture, and risk context.
Options including password are invalid as passwords are not used as policy criteria; similarly, SNI and Branch Connector Group are more relevant to other controls. The study guide lists these user and device attributes explicitly as policy criteria within ZPA access policies.



Which type of attack plants malware on commonly accessed services?

  1. Remote access trojans
  2. Phishing
  3. Exploit kits
  4. Watering hole attack

Answer(s): D

Explanation:

A Watering Hole Attack is characterized by attackers planting malware on websites or services that are commonly accessed by their intended victims. The goal is to infect users who visit these trusted sites by injecting malicious code or malware. This type of attack leverages the trust users place in frequently visited services to deliver malware covertly. Other options like Remote Access Trojans, Phishing, and Exploit Kits are attack types but do not specifically involve compromising commonly accessed services to plant malware.



What does the user risk score enable a user to do?

  1. Compare the user risk score with other companies to evaluate users vs other companies.
  2. Determine whether or not a user is authorized to view unencrypted data.
  3. Configure stronger user-specific policies to monitor & control user-level risk exposure.
  4. Determine if a user has been compromised

Answer(s): C

Explanation:

The user risk score enables organizations to configure stronger user-specific policies to monitor and control user-level risk exposure. This score reflects a user's risk posture based on behaviors and detected anomalies and helps in tailoring security policies to address individual risk levels.
While the score gives insight into user risk, it is primarily designed for adaptive policy enforcement rather than direct compromise detection or cross-company comparison. The study guide highlights that user risk scores drive policy adjustments to better secure user activity.



Can URL Filtering make use of Cloud Browser Isolation?

  1. No. Cloud Browser Isolation is a separate platform.
  2. No. Cloud Browser Isolation is only a feature of Advanced Threat Defense.
  3. Yes. After blocking access to a site, the user can manually switch on isolation.
  4. Yes. Isolate is a possible Action for URL Filtering.

Answer(s): D

Explanation:

Yes, URL Filtering can make use of Cloud Browser Isolation. Specifically, "Isolate" is an available action in URL Filtering policies that enables users to access potentially risky or untrusted websites in an isolated environment, preventing any malicious content from reaching the user's device. The study guide explains that integrating Cloud Browser Isolation into URL Filtering enhances security by isolating risky browsing activities directly from policy enforcement points.



Viewing Page 2 of 17



Share your comments for Zscaler ZDTA exam with other users:

LRK 3/22/2026 2:38:08 PM

For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thankyou
Paris, France


Vineet Kumar 3/6/2026 5:26:16 AM

interesting
Anonymous