Zscaler Digital Transformation Administrator ZDTA New Questions

Certificate pinning prevents SSL interception by validating a server’s certificate against known values. When ZIA performs SSL inspection, it substitutes the certificate with one signed by Zscaler’s CA. This causes the handshake to fail for pinned applications. To troubleshoot, an administrator should review SSL logs to identify handshake failures, which indicate certificate pinning issues. Logs will show the TLS negotiation details, including any disruptions.

Zscaler Advanced Firewall supports DNS Tunnel and DNS Application Control, capabilities that are not available in the Standard Firewall. This enhances detection and control of DNS-based threats and allows granular enforcement over DNS queries and responses to prevent data exfiltration and command and control activities.

SCIM is optional for ZIA user provisioning - you can onboard users via manual CSV import, SAML attributes, or other identity integrations without implementing SCIM.

URL Filtering remains the most widely deployed web filtering method, serving as the first line of defense by categorizing and controlling access to websites before any deeper inspection or cloud‑based security service takes over.