C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

Zscaler ZDTA - Zscaler Digital Transformation Administrator Certification Exam

Download Exam View Entire Exam
Page: 1 / 2
Question #1 (Topic: Demo Questions)

Which list of protocols is supported by Zscaler for Privileged Remote Access? 

A.
RDP, VNC and SSH 
B.
RDP, SSH and DHCP
C.
SSH, DNS and DHCP
D.
 RDP, DNS and VNC 
Correct Answer: A
Explanation:
Zscaler supports RDP, VNC, and SSH protocols for Privileged Remote Access. These are commonly
used protocols for remote management and privileged user sessions, allowing secure access to
internal applications or systems without exposing the network or requiring VPN connections.
The study guide clearly states that Privileged Remote Access capabilities focus on these protocols to
ensure secure, monitored, and controlled remote sessions for administrators and privileged users,
supporting remote desktop and shell access securely
Question #2 (Topic: Demo Questions)

When configuring an inline Data Loss Prevention policy with content inspection, which of the following are used to detect data, allow or block transactions, and notify your organization's auditor when a user's transaction triggers a DLP rule?

A.
Hosted PAC Files
B.
Index Tool
C.
DLP engines
D.
VPN Credentials
Correct Answer: C
Explanation:

Zscaler DLP separates detection logic from enforcement policy. Dictionaries contain the sensitive-data patterns, keywords, identifiers, regexes, or fingerprinted data that identify protected information. DLP engines use those dictionaries to evaluate content, and DLP rules or policies decide the enforcement action. Option C (DLP engines) is correct because the detection foundation of a DLP engine is the dictionary content it evaluates against traffic or files.

Why the other options are incorrect:

A. Hosted PAC Files: A PAC file tells the client or browser which proxy path to use for matching destinations.

B. Index Tool: Index Tool suggests the hashing/indexing utility itself. In Zscaler DLP terminology, the protected content matching object is the IDM/EDM template or dictionary construct named by the answer.

D. VPN Credentials: VPN credentials authenticate remote network access. They are not a DLP matching method for identifying sensitive documents.

Question #3 (Topic: Demo Questions)

Which of the following is an unsupported tunnel type?

A.
Generic Routing and Encapsulation (GRE)
B.
HTTP Connect Tunnels
C.
Proprietary Microtunnels
D.
Secure Socket Tunneling Protocol (SSTP)
Correct Answer: D
Explanation:
Zscaler supports forwarding methods such as GRE, IPSec, HTTP CONNECT-style proxy tunnels, and Zscaler proprietary microtunnels depending on the use case. SSTP is a Microsoft VPN tunneling protocol, not a supported Zscaler tunnel type for this platform context. Option D (Secure Socket Tunneling Protocol (SSTP)) is correct because SSTP is the unsupported tunnel option.
Why the other options are incorrect:
A. Generic Routing and Encapsulation (GRE): GRE is a location tunnel method normally used from branches or data centers to Zscaler service edges.
B. HTTP Connect Tunnels: HTTP CONNECT tunnels proxy TCP sessions through an HTTP proxy path; they are not Zscaler Tunnel 2.0 DTLS/TLS transport.
C. Proprietary Microtunnels: A Microtunnel is the per-application communication channel ZPA creates between the user and the private app.
Question #4 (Topic: Demo Questions)

Which proprietary technology does Zscaler use to calculate risk attributes dynamically for websites? 

A.
Third-Party Sandbox 
B.
Zscaler PageRisk 
C.
Browser Isolation Feedback Form 
D.
Deception Controller 
Correct Answer: B
Explanation:
Zscaler uses a proprietary technology called Zscaler PageRisk to calculate risk attributes dynamically
for websites. PageRisk assesses the risk level of a website based on a variety of dynamic factors,
including the site's content, reputation, and behavior, helping to identify potentially harmful or
suspicious sites in real time.
This dynamic risk scoring allows Zscaler to enforce security policies more effectively, blocking or
allowing access based on calculated risk rather than static lists alone. The study guide specifies that
PageRisk is integral to the platform's adaptive security posture and URL filtering capabilities
Question #5 (Topic: Demo Questions)

While troubleshooting a user's slow application access, can a ZDX administrator see degradations in Wi-Fi signal strength?

A.
Yes, the Wi-Fi hop latency is shown on a cloud path probe.
B.
Yes. but the current Wi-Fi signal strength is only displayed when doing a deep trace.
C.
No, ZDX only works on hardwired devices.
D.
Yes, a low Wi-Fi signal may be seen in either the results of a Cloud Path Probe or in the device health Wi-Fi signal indicator.
Next Question
Correct Answer: D
Explanation:
ZDX includes endpoint and network-path visibility, including Wi-Fi health indicators. A poor signal can appear in device health telemetry and in Cloud Path Probe context, allowing the administrator to separate a local wireless problem from Zscaler, ISP, or application issues. Option D (Yes, a low Wi-Fi signal may be seen in either the results of a Cloud Path Probe or in the device health Wi-Fi signal indicator) is correct because Wi-Fi signal degradation is visible through ZDX telemetry.