Download Valid ZDTE Exam Dumps for Best Preparation
Exam : ZDTE
Title : Zscaler Digital
Transformation Engineer
https://www.passcert.com/ZDTE.html
1/6
, Download Valid ZDTE Exam Dumps for Best Preparation
1.What is the default classification for a newly discovered application in the App Inventory in the
Third-Party App Governance Admin Portal?
A. Sanctioned
B. Unsanctioned
C. Reviewing
D. Unclassified
Answer: D
Explanation:
In Zscaler 3rd-Party App Governance documentation, the App Inventory is where administrators view and
manage all discovered third-party apps, add-ons, and extensions. The “Classifying Apps” help article
defines the available states: Unclassified, Sanctioned, Reviewing, and Unsanctioned. Crucially, it notes
that Unclassified is the default state for any new application before an administrator evaluates it.
“Sanctioned” is used once the organization has explicitly approved an app for use; “Unsanctioned” is used
when an app is not allowed; and “Reviewing” indicates it is under investigation. Those labels are the result
of governance decisions applied after discovery.
ZDTE study materials on SaaS and app governance mirror this behavior: newly discovered apps enter
the inventory without an explicit decision, allowing security teams to triage risk, review permissions, and
only then mark them as sanctioned or unsanctioned. Because the default state for a new entry is explicitly
documented as Unclassified, the correct answer is D. Unclassified.
2.How many rounds of analysis are performed on a sandboxed sample to determine its characteristics?
A. One static analysis, one dynamic analysis, and a second static analysis of all dropped files and
artifacts from the dynamic analysis.
B. As many rounds of analysis as the policy is configured to perform.
C. Only a static analysis is performed.
D. Only one static and one dynamic analysis is performed.
Answer: A
Explanation:
Zscaler Cloud Sandbox is designed to detect advanced and previously unknown threats by deeply
analyzing suspicious files in an isolated environment. According to Zscaler’s documented analysis
pipeline, every sandboxed sample goes through a structured, multi-stage process rather than a single
pass.
First, the file undergoes static analysis, where the system inspects the file without executing it. This phase
looks at elements such as structure, headers, embedded resources, and known malicious patterns or
indicators. Next, the file is executed in a dynamic analysis environment (a sandbox) where Zscaler
observes runtime behavior such as process creation, registry modifications, file system changes, network
connections, and attempts at evasion or privilege escalation.
During this dynamic phase, the file may drop or create additional files and artifacts. Zscaler then performs
a second round of static analysis on those dropped components. This secondary static analysis is crucial
because many sophisticated threats unpack or download their real payload only at runtime; analyzing
those artifacts provides a much clearer view of the full attack chain.
Because of this defined three-step approach—static, dynamic, then secondary static analysis on dropped
artifacts—option A is the correct description of how many rounds of analysis are performed on a
sandboxed sample.
2/6
Exam : ZDTE
Title : Zscaler Digital
Transformation Engineer
https://www.passcert.com/ZDTE.html
1/6
, Download Valid ZDTE Exam Dumps for Best Preparation
1.What is the default classification for a newly discovered application in the App Inventory in the
Third-Party App Governance Admin Portal?
A. Sanctioned
B. Unsanctioned
C. Reviewing
D. Unclassified
Answer: D
Explanation:
In Zscaler 3rd-Party App Governance documentation, the App Inventory is where administrators view and
manage all discovered third-party apps, add-ons, and extensions. The “Classifying Apps” help article
defines the available states: Unclassified, Sanctioned, Reviewing, and Unsanctioned. Crucially, it notes
that Unclassified is the default state for any new application before an administrator evaluates it.
“Sanctioned” is used once the organization has explicitly approved an app for use; “Unsanctioned” is used
when an app is not allowed; and “Reviewing” indicates it is under investigation. Those labels are the result
of governance decisions applied after discovery.
ZDTE study materials on SaaS and app governance mirror this behavior: newly discovered apps enter
the inventory without an explicit decision, allowing security teams to triage risk, review permissions, and
only then mark them as sanctioned or unsanctioned. Because the default state for a new entry is explicitly
documented as Unclassified, the correct answer is D. Unclassified.
2.How many rounds of analysis are performed on a sandboxed sample to determine its characteristics?
A. One static analysis, one dynamic analysis, and a second static analysis of all dropped files and
artifacts from the dynamic analysis.
B. As many rounds of analysis as the policy is configured to perform.
C. Only a static analysis is performed.
D. Only one static and one dynamic analysis is performed.
Answer: A
Explanation:
Zscaler Cloud Sandbox is designed to detect advanced and previously unknown threats by deeply
analyzing suspicious files in an isolated environment. According to Zscaler’s documented analysis
pipeline, every sandboxed sample goes through a structured, multi-stage process rather than a single
pass.
First, the file undergoes static analysis, where the system inspects the file without executing it. This phase
looks at elements such as structure, headers, embedded resources, and known malicious patterns or
indicators. Next, the file is executed in a dynamic analysis environment (a sandbox) where Zscaler
observes runtime behavior such as process creation, registry modifications, file system changes, network
connections, and attempts at evasion or privilege escalation.
During this dynamic phase, the file may drop or create additional files and artifacts. Zscaler then performs
a second round of static analysis on those dropped components. This secondary static analysis is crucial
because many sophisticated threats unpack or download their real payload only at runtime; analyzing
those artifacts provides a much clearer view of the full attack chain.
Because of this defined three-step approach—static, dynamic, then secondary static analysis on dropped
artifacts—option A is the correct description of how many rounds of analysis are performed on a
sandboxed sample.
2/6
