What problem does Zero Trust aim to solve?
Eliminates implicit trust and prevents lateral movement by verifying identity and context for every connection.
How does Zero Trust differ from legacy VPN?
Zero Trust grants application-specific access without putting users on the network, unlike VPNs, which allow broad network access.
What is the four-step attack process in legacy security?
Find you, Compromise you, Move laterally, Exfiltrate data.
Why are legacy firewalls ineffective in modern cloud environments?
They expose routable networks, are discoverable, and are vulnerable to DDoS and credential-based attacks.
How does Zscaler prevent applications from being discoverable?
By using inside-out App Connector connections that hide apps from the public internet.
What is the main function of ZIA (Zscaler Internet Access)?
Provides secure, reliable internet and SaaS access by inspecting and controlling traffic.
How does ZIA enforce Zero Trust?
It terminates all internet-bound connections, verifies identity, and applies risk-based policies before granting access.
Which performance benefit does ZIA provide for Microsoft 365 and Zoom?
Enables local breakouts to reduce latency and improve user experience.
What is TLS/SSL inspection in ZIA?
Decrypting and inspecting encrypted traffic to detect threats and enforce data protection policies.
Why is TLS inspection important?
Over 90% of internet traffic is encrypted, and threats often hide inside SSL/TLS traffic.
What does ZPA (Zscaler Private Access) provide?
Zero Trust access to private apps without exposing them to the internet.
How does ZPA replace VPNs?
By using inside-out App Connectors and identity-based access instead of extending networks.
What are benefits of ZPA over VDI?
It supports direct RDP/SSH/browser access, reducing the need for complex VDI solutions.
What is a Private Service Edge?
A deployment option allowing Zero Trust private access with local processing, avoiding internet routing.
Why does ZPA reduce attack surface?
It hides applications from public IP exposure and prevents discovery by attackers.
What does ZDX (Zscaler Digital Experience) monitor?
End-to-end user experience including apps, networks, and devices.
How does ZDX collect performance data?
Through Zscaler Client Connector and 150+ global points of presence.
What insights does ZDX provide for collaboration tools?
Granular meeting-level audio and video quality metrics for Teams/Zoom.
What unique value does ZDX provide beyond security?
It gives full visibility and root cause analysis for performance issues.
What is a ZDX score?
A performance score combining endpoint, network, and app experience data.
What role does identity integration play in Zero Trust?
Ensures user identity and attributes drive access control policies.
What is SAML used for?
Federated authentication and Single Sign-On across applications.
What is the function of SCIM?
Automates provisioning, updating, and deprovisioning of user accounts across systems.
Why use SCIM over SAML for group policies?
SCIM syncs updates continuously, while SAML only updates on reauthentication.
What does OIDC provide?
Authentication built on OAuth 2.0 for secure, token-based single sign-on.
What does the Zscaler Client Connector do?
Forwards traffic, enforces policies, and provides secure connectivity.
What forwarding mechanism does Zscaler recommend?
Zscaler Tunnel.
What is a PAC file used for?
Routing traffic to Zscaler services based on rules.
What is device posture?
A check of device compliance before granting access.
What is Browser Access in ZPA?
Allows secure app access without installing a client, useful for BYOD or contractors.
What is Zscaler's Policy Framework?
Defines structured rules for traffic forwarding, bandwidth, and security enforcement.
What is tenant restriction?
Restricts SaaS access to authorized organizational tenants.
What is bandwidth control?
Prioritizing or limiting application traffic to optimize performance.
What is Zero Trust segmentation?
Restricting access at app or segment level, preventing lateral movement.
What are App Segments in ZPA?
Logical groupings of applications that map to App Connectors for controlled access.
What is Zscaler Cloud Sandbox?
AI-driven malware detection by detonating suspicious files in a safe environment.
What is Advanced Threat Protection (ATP)?
Stops zero-day and evasive threats with AI, behavioral analysis, and C2 detection.
How does Zscaler handle phishing detection?
AI-powered risk analysis of newly registered and suspicious domains.
What is Zscaler Cloud IPS?
Cloud-based intrusion prevention that blocks exploits and attacks in real time.
What is Zscaler Deception?
Proactive threat detection by luring attackers into decoys to disrupt their actions.
What is inline data protection?
Real-time inspection of data in motion to prevent leaks or policy violations.
What is Exact Data Match (EDM)?
A DLP technique to match and protect sensitive enterprise datasets.
What is Browser Isolation for data protection?
Renders content remotely so sensitive data can't be exfiltrated on unmanaged devices.
What is SaaS Security Posture Management (SSPM)?
Monitors SaaS apps for misconfigurations and compliance risks.
How does Zscaler secure BYOD devices?
Using Browser Isolation and posture checks to enforce policies.
What is Zscaler Risk360?
A cyber risk quantification platform to prioritize and manage enterprise risks.
What is Unified Vulnerability Management (UVM)?
Combines vulnerability data across assets for a unified view.
What is EASM (External Attack Surface Management)?
Discovers and reduces risks from exposed external assets.
What is ITDR (Identity Threat Detection & Response)?
Detects and mitigates identity-based attacks.
What is Zscaler OneAPI?
Unified API framework for automating ZIA, ZPA, ZDX, and connector services.