Zscaler ZDTA - Zscaler Digital Transformation Administrator Certification Exam
Question #6 (Topic: Demo Questions)
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS includes which of the following?
Correct Answer: C
Explanation:
Cross-Site Scripting injects malicious script into a trusted page so the victim's browser executes attacker-controlled code. Common XSS outcomes include session or cookie theft, unauthorized actions, and data exposure. Option C (Cookie Stealing) is correct because cookie stealing is a classic XSS impact.
Question #7 (Topic: Demo Questions)
What is the name of the feature that allows the platform to apply URL filtering even when a Cloud App control policy explicitly permits a transaction?
Correct Answer: A
Explanation:
The feature that allows Zscaler to apply URL filtering even when a Cloud App control policy explicitly permits a transaction is called Allow Cascading. With it, a cloud application permitted by the Cloud App control policy is still subject to the URL filtering policy. This is useful where granular URL control is needed on top of cloud app permissions, providing layered security controls. The study guide explains that Allow Cascading enables URL filtering policies to cascade or take precedence, so URLs are still inspected and potentially blocked even if the cloud app is allowed by policy. This allows administrators to fine-tune access and ensure additional inspection layers on web traffic.
Question #8 (Topic: Demo Questions)
Which attack type is characterized by a commonly used website or service that has malicious content like malicious JavaScript running on it?
Correct Answer: A
Explanation:
A Watering Hole Attack targets users by compromising a website or service that is commonly visited