Online ZDTA Questions Video

Network Applications are enforced by Firewall Filtering because they are identified at the network/application layer rather than as web pages or DLP events. When access to a Network Application is blocked, the administrator should look at firewall policy and firewall logs for the matching rule. Option C (Firewall Filtering) is correct because Firewall Filtering controls network application access.

Why the other options are incorrect:

A. Sandbox: Cloud Sandbox detonates and observes suspicious files to identify unknown or advanced malware behavior.

B. Browser Control: Browser Control manages browser or web-session behavior. The question is about data protection/control, not browser management.

D. DLP: DLP detects and controls sensitive data movement. The question’s correct feature is more specific than the broad DLP label.

Cloud Browser Isolation protects users by rendering risky web content in a remote browser environment instead of on the endpoint. URL Filtering can use Isolate as an action, so users may still access selected untrusted sites while scripts, active content, and browser-exploit risk remain separated from the device. Option A (Browser Isolation) is correct because isolation is an enforceable URL Filtering action, not a separate manual workaround.

Why the other options are incorrect:

B. App Connector: An App Connector brokers outbound connectivity to private apps. It does not make untrusted public URLs safe for user browsing.

C. Zscaler Private Access: ZPA secures private applications. The scenario is public/untrusted web browsing, which is handled by Browser Isolation through ZIA policy.

D. Zscaler Client Connector: Zscaler Client Connector is the endpoint agent that steers traffic, authenticates users, reports posture, and supplies ZDX telemetry.

Certificate-pinned applications fail when an inspection proxy substitutes a trusted Zscaler certificate for the origin certificate. The application expects the server certificate or public key to match a pinned value and therefore rejects the inspected session. The fastest way to diagnose this is to inspect SSL logs for failed client handshakes, certificate errors, or bypass candidates. Option A (They could look at SSL logs for a failed client handshake) is correct because SSL logs show the handshake failure pattern created by certificate pinning.

Why the other options are incorrect:

B. They could reboot the endpoint device: Rebooting may clear a local issue, but certificate pinning is a TLS validation problem. Logs are the right first place to confirm the failed handshake.

C. They could inspect the ZIA Web Policy: ZIA Web Policy controls web access outcomes. A pinned-certificate failure shows up in SSL/TLS handshake behavior, so SSL logs are more direct.

D. They could look into the SaaS application analytics tab: SaaS analytics show application usage and risk. They will not show the client TLS handshake failure that reveals certificate pinning.

The Security Alerts dashboard summarizes threat impact so administrators can prioritize investigation. The graph showing Top 5 Threats by Systems Impacted identifies which threats are affecting the largest number of systems during the selected period. Option C (Top 5 Threats by Systems Impacted) is correct because it is the impact-oriented alert view.

Why the other options are incorrect:

A. Top 5 Malware Programs Detected: Top malware programs would list malware families by name. The Alerts dashboard graph being tested summarizes threats by the number of impacted systems.

B. Top 5 Viruses by Region: Viruses by region would be a geographic malware report. The Security Alerts widget is focused on the top threats and their system impact.

D. Top 5 Unified Threat Yara Options: YARA-style options are malware-pattern rules, not the dashboard summary metric being asked about.