C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

Zscaler ZDTA - Zscaler Digital Transformation Administrator Certification Exam

Download Exam View Entire Exam
Page: 2 / 2
Question #6 (Topic: Demo Questions)

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS includes which of the following?

A.
Spyware Callback
B.
Anonymizers
C.
Cookie Stealing
D.
IRC Tunneling
Correct Answer: C
Explanation:
Cross-Site Scripting injects malicious script into a trusted page so the victim's browser executes attacker-controlled code. Common XSS outcomes include session or cookie theft, unauthorized actions, and data exposure. Option C (Cookie Stealing) is correct because cookie stealing is a classic XSS impact.
Question #7 (Topic: Demo Questions)

What is the name of the feature that allows the platform to apply URL filtering even when a Cloud APP control policy explicitly permits a transaction?

A.
Allow Cascading 
B.
Allow and Quarantine 
C.
Allow URL Filtering 
D.
Allow and Scan 
Correct Answer: A
Explanation:
The feature that allows Zscaler to apply URL filtering even when a Cloud App control policy explicitly permits a transaction is called Allow Cascading. This feature ensures that even if a cloud application is permitted by the Cloud App control policy, the URL filtering policy can still be enforced. This is useful in cases where granular URL control is needed on top of cloud app permissions, providing layered security controls. The study guide clearly explains that Allow Cascading enables URL filtering policies to cascade or take precedence and thus still inspect and potentially block URLs even if the cloud app is allowed by policy. This allows administrators to fine-tune access and ensure additional inspection layers on web traffic.
Question #8 (Topic: Demo Questions)

Which attack type is characterized by a commonly used website or service that has malicious content like malicious JavaScript running on it?

A.
Watering Hole Attack 
B.
Pre-existing Compromise 
C.
Phishing Attack
D.
Exploit Kits 
Correct Answer: A
Explanation:
A Watering Hole Attack targets users by compromising a website orservice that is commonly visited
by the intended victims. The attacker injects malicious content such as malicious JavaScript or
malware into the website, so when the user visits the site, their system gets infected. This attack
relies on the trust users have in popular or legitimate websites and exploits it by turning those sites
into infection vectors.
Pre-existing Compromise refers to attacks where the target environment is already compromised
before the attack is recognized, but it does not specifically describe malicious content injected into
popular websites. Phishing Attack involves deceiving users to click malicious links or reveal
credentials, not compromising websites directly. Exploit Kits are automated tools that scan for
vulnerabilities and deliver exploits but are not characterized by the use of commonly used websites
hosting malicious scripts.
The study guide clearly explains Watering Hole Attacks as a method where attackers infect trusted
websites frequented by target users to deliver malicious payloads
Download Exam
« Prev Page: 2 / 2
Next Page