Zscaler ZTCA Exam - Topic 1 Question 1 Discussion

The correct answer is C. Context and Identity. In Zero Trust architecture, the earliest control decisions cannot be made effectively unless the platform first understands who is making the request and under what conditions that request is happening. That means identity must be verified, and context must be evaluated. Context includes factors such as device posture, location, group membership, application sensitivity, and risk-related conditions. Without those inputs, the architecture cannot determine whether the request should be allowed, restricted, isolated, or blocked.

SSL/TLS inspection is highly important for deeper content-aware controls, but it is not the first requirement for the initial level of control decisions. Local breakout is a traffic-forwarding design choice, not the foundational requirement for policy decision-making. Air-gapping an OT network is a segmentation strategy, but it does not represent the first control layer in Zero Trust. Zero Trust begins with verification and contextual understanding, because policy must be tied to the specific request, not to broad network assumptions. Therefore, the first levels of control policy decisions require context and identity.