Zscaler Digital Transformation
Administrator (ZDTA) Certification
Exam 2026 Questions and Answers
Primary use of policies based on file types in Zscaler DLP - Correct answer-To
protect data by allowing or blocking specific file types and activities.
Three levels of inspection used by Zscaler DLP for file type enforcement - Correct
answer-Magic Bytes, Mime Type, and File Extension.
Reason for multiple levels of inspection for file types in Zscaler - Correct answer-
To prevent users from bypassing policies by changing file extensions.
Predefined dictionaries in Zscaler DLP - Correct answer-Classifiers used to
identify sensitive data like PCI, PII, and PHI data.
Example of a predefined dictionary used in Zscaler DLP - Correct answer-A credit
card number dictionary.
Custom dictionary in Zscaler DLP - Correct answer-A dictionary created by
customers using specific phrases, keywords, patterns, and regular expressions.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,Use of custom dictionaries in Zscaler DLP - Correct answer-To protect documents
with specific headers and footers like 'company-confidential' or 'internal-use only'.
Exact Data Match (EDM) in Zscaler DLP - Correct answer-A feature that matches
specific data elements from a customer's structured data to trigger DLP policies.
How sensitive data is fed to Zscaler's EDM engine - Correct answer-By using an
on-premises VM that indexes the data and sends hashes to the Zscaler cloud.
What happens to data fed into Zscaler's EDM engine - Correct answer-It is
converted into hashes and tokens which are stored in the cloud.
Actions triggered by an EDM in Zscaler DLP - Correct answer-Actions based on
exact matches of sensitive data elements, such as blocking or alerting on data
exfiltration.
Main purpose of Out-of-Band Data Protection in Zscaler - Correct answer-To
secure data at rest in SaaS-based services and public cloud infrastructure.
Key use case for out-of-band data protection in Zscaler - Correct answer-Data
discovery and data at rest introspection.
Focus of SaaS Security Posture Management (SSPM) - Correct answer-Cloud
misconfiguration, compliance, and third-party app connections.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,How SSPM helps with compliance - Correct answer-By mapping
misconfigurations to different compliance frameworks like PCI, GDPR, etc.
Example of a misconfiguration identified by SSPM - Correct answer-Failing to
enable multi-factor authentication for Office 365 apps.
How SSPM handles third-party app connections - Correct answer-By discovering
and managing third-party apps connected to cloud applications via API tokens.
Three notification methods in Zscaler for incident management - Correct answer-
Browser-based notifications, Slack/Teams connectors, and Zscaler Client
Connector pop-ups.
Admin capabilities with email notifications in Zscaler incident management -
Correct answer-Receive alerts about DLP and CASB incidents.
Protocol used for incident management in Zscaler - Correct answer-SecureICA
protocol.
Integration of Zscaler logs with SIEM tools - Correct answer-By streaming real-
time logs to feed into the SIEM.
Purpose of the Zscaler Client Connector pop-up - Correct answer-To communicate
with users about blocked transactions and ask for justifications.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, Support options available for troubleshooting in Zscaler - Correct answer-Self Help
support, reporting capabilities, and support ticket raising.
Role of the on-premises VM in Zscaler EDM - Correct answer-It serves as the
index tool for structured data.
Key feature of Zscaler's predefined dictionaries for medical data - Correct answer-
Identifying ICD-10 and CPT codes.
Technology used in some dictionaries to identify complex patterns - Correct
answer-AI and ML.
How admins can delegate incident management tasks back to users - Correct
answer-Through browser-based notifications, Slack/Teams connectors, or Zscaler
Client Connector pop-ups.
Benefit of using Zscaler's predefined dictionaries - Correct answer-They are based
on standard regex and PCRE engines.
How Zscaler ensures no sensitive data is stored during EDM - Correct answer-By
storing only hashes and tokens, not the exact data.
First step in leveraging Zscaler's support services for troubleshooting - Correct
answer-Utilizing the Self Help support options offered by Zscaler.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
Administrator (ZDTA) Certification
Exam 2026 Questions and Answers
Primary use of policies based on file types in Zscaler DLP - Correct answer-To
protect data by allowing or blocking specific file types and activities.
Three levels of inspection used by Zscaler DLP for file type enforcement - Correct
answer-Magic Bytes, Mime Type, and File Extension.
Reason for multiple levels of inspection for file types in Zscaler - Correct answer-
To prevent users from bypassing policies by changing file extensions.
Predefined dictionaries in Zscaler DLP - Correct answer-Classifiers used to
identify sensitive data like PCI, PII, and PHI data.
Example of a predefined dictionary used in Zscaler DLP - Correct answer-A credit
card number dictionary.
Custom dictionary in Zscaler DLP - Correct answer-A dictionary created by
customers using specific phrases, keywords, patterns, and regular expressions.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,Use of custom dictionaries in Zscaler DLP - Correct answer-To protect documents
with specific headers and footers like 'company-confidential' or 'internal-use only'.
Exact Data Match (EDM) in Zscaler DLP - Correct answer-A feature that matches
specific data elements from a customer's structured data to trigger DLP policies.
How sensitive data is fed to Zscaler's EDM engine - Correct answer-By using an
on-premises VM that indexes the data and sends hashes to the Zscaler cloud.
What happens to data fed into Zscaler's EDM engine - Correct answer-It is
converted into hashes and tokens which are stored in the cloud.
Actions triggered by an EDM in Zscaler DLP - Correct answer-Actions based on
exact matches of sensitive data elements, such as blocking or alerting on data
exfiltration.
Main purpose of Out-of-Band Data Protection in Zscaler - Correct answer-To
secure data at rest in SaaS-based services and public cloud infrastructure.
Key use case for out-of-band data protection in Zscaler - Correct answer-Data
discovery and data at rest introspection.
Focus of SaaS Security Posture Management (SSPM) - Correct answer-Cloud
misconfiguration, compliance, and third-party app connections.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,How SSPM helps with compliance - Correct answer-By mapping
misconfigurations to different compliance frameworks like PCI, GDPR, etc.
Example of a misconfiguration identified by SSPM - Correct answer-Failing to
enable multi-factor authentication for Office 365 apps.
How SSPM handles third-party app connections - Correct answer-By discovering
and managing third-party apps connected to cloud applications via API tokens.
Three notification methods in Zscaler for incident management - Correct answer-
Browser-based notifications, Slack/Teams connectors, and Zscaler Client
Connector pop-ups.
Admin capabilities with email notifications in Zscaler incident management -
Correct answer-Receive alerts about DLP and CASB incidents.
Protocol used for incident management in Zscaler - Correct answer-SecureICA
protocol.
Integration of Zscaler logs with SIEM tools - Correct answer-By streaming real-
time logs to feed into the SIEM.
Purpose of the Zscaler Client Connector pop-up - Correct answer-To communicate
with users about blocked transactions and ask for justifications.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, Support options available for troubleshooting in Zscaler - Correct answer-Self Help
support, reporting capabilities, and support ticket raising.
Role of the on-premises VM in Zscaler EDM - Correct answer-It serves as the
index tool for structured data.
Key feature of Zscaler's predefined dictionaries for medical data - Correct answer-
Identifying ICD-10 and CPT codes.
Technology used in some dictionaries to identify complex patterns - Correct
answer-AI and ML.
How admins can delegate incident management tasks back to users - Correct
answer-Through browser-based notifications, Slack/Teams connectors, or Zscaler
Client Connector pop-ups.
Benefit of using Zscaler's predefined dictionaries - Correct answer-They are based
on standard regex and PCRE engines.
How Zscaler ensures no sensitive data is stored during EDM - Correct answer-By
storing only hashes and tokens, not the exact data.
First step in leveraging Zscaler's support services for troubleshooting - Correct
answer-Utilizing the Self Help support options offered by Zscaler.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
