QUESTIONS AND ANSWERS 100% CORRECT
●● Three levels of inspection used by Zscaler DLP for file type
enforcement.
Answer: Magic Bytes, MIME Type, and File Extension.
●● Reason for multiple levels of inspection for file types in Zscaler.
Answer: To prevent users from bypassing policies by changing file
extensions.
●● Predefined dictionaries in Zscaler DLP.
Answer: Classifiers used to identify sensitive data like PCI, PII, and PHI
data.
●● Example of a predefined dictionary used in Zscaler DLP.
Answer: A credit card number dictionary.
●● Custom dictionary in Zscaler DLP.
Answer: A dictionary created by customers using specific phrases,
keywords, patterns, and regular expressions.
●● Use of custom dictionaries in Zscaler DLP.
Answer: To protect documents with specific headers and footers like
'company-confidential' or 'internal-use only'.
●● Exact Data Match (EDM) in Zscaler DLP.
Answer: A feature that matches specific data elements from a customer's
structured data to trigger DLP policies.
●● How sensitive data is fed to Zscaler's EDM engine.
Answer: By using an on-premises VM that indexes the data and sends
hashes to the Zscaler cloud.
●● What happens to data fed into Zscaler's EDM engine.
Answer: It is converted into hashes and tokens which are stored in the
cloud.
●● Actions triggered by an EDM in Zscaler DLP.
Answer: Actions based on exact matches of sensitive data elements, such
as blocking or alerting on data exfiltration.
●● Main purpose of Out-of-Band Data Protection in Zscaler.
Answer: To secure data at rest in SaaS-based services and public cloud
infrastructure.
●● Key use case for out-of-band data protection in Zscaler.
Answer: Data discovery and data at rest introspection.
●● Focus of SaaS Security Posture Management (SSPM).
Answer: Cloud misconfiguration, compliance, and third-party app
connections.
●● How SSPM helps with compliance.
Answer: By mapping misconfigurations to different compliance
frameworks like PCI, GDPR, etc.
●● Example of a misconfiguration identified by SSPM.
Answer: Failing to enable multi-factor authentication for Office 365
apps.
●● How SSPM handles third-party app connections.
Answer: By discovering and managing third-party apps connected to
cloud applications via API tokens.
●● Three notification methods in Zscaler for incident management.
Answer: Browser-based notifications, Slack/Teams connectors, and
Zscaler Client Connector pop-ups.
●● Admin capabilities with email notifications in Zscaler incident
management.
Answer: Receive alerts about DLP and CASB incidents.
●● Protocol used for incident management in Zscaler.
Answer: SecureICA protocol.
●● Integration of Zscaler logs with SIEM tools.
Answer: By streaming real-time logs to feed into the SIEM.
●● Purpose of the Zscaler Client Connector pop-up.
Answer: To communicate with users about blocked transactions and ask
for justifications.
●● Support options available for troubleshooting in Zscaler.
Answer: Self Help support, reporting capabilities, and support ticket
raising.
●● Role of the on-premises VM in Zscaler EDM.
Answer: It serves as the index tool for structured data.
●● Key feature of Zscaler's predefined dictionaries for medical data.
Answer: Identifying ICD-10 and CPT codes.
●● Technology used in some dictionaries to identify complex patterns.