Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Zscaler ZTCA Exam - Topic 1 Question 6 Discussion

Should policy enforcement apply to all traffic, including from authorized initiators?
A) A true Zero Trust solution must never allow any access without authorization.
B) No. It should only apply to unauthorized initiators.
C) Unauthorized initiators are blackholed by default.
D) Zero Trust allows all initiators to see the destination, regardless of role and responsibility.

Zscaler ZTCA Exam - Topic 1 Question 6 Discussion

Actual exam question for Zscaler's ZTCA exam
Question #: 6
Topic #: 1
[All ZTCA Questions]

Should policy enforcement apply to all traffic, including from authorized initiators?

Show Suggested Answer Hide Answer
Suggested Answer: A

The correct answer is A. In Zero Trust architecture, policy enforcement applies to every access request, including requests from users who may ultimately be authorized. Zscaler documentation explains that when a user requests access, the platform evaluates context such as identity, posture, location, group membership, and application conditions, then enforces the matching policy. This means that authorized users are not exempt from policy; rather, policy is what determines whether they are authorized for that specific request.

ZPA guidance also states that access policies use explicit logic based on application segments, SAML attributes, client type, and posture profiles, and that traffic that does not match a policy is automatically blocked. This is fully consistent with the principle that no access should occur outside authorization and policy control.

Option A is the only choice that matches that Zero Trust principle, even though its wording is broader than the question. Options B, C, and D are incorrect because they either exclude authorized users from enforcement or imply unnecessary visibility to destinations. In Zero Trust, all traffic is subject to policy, and nothing should be allowed without authorization.


Contribute your Thoughts:

0/2000 characters
Polly
1 hour ago
Wait, all initiators can see the destination? That sounds risky!
upvoted 0 times
...
Tamekia
5 days ago
Blackholing unauthorized initiators is standard practice.
upvoted 0 times
...
Lisbeth
2 months ago
I disagree, authorized users should have some leeway.
upvoted 0 times
...
Sommer
2 months ago
A true Zero Trust means no access without checks.
upvoted 0 times
...
Barrie
3 months ago
I vaguely recall that unauthorized initiators are treated differently, but I can't remember the specifics about how that works in Zero Trust.
upvoted 0 times
...
Gianna
3 months ago
I feel like option A makes sense, but I wonder if it’s practical to enforce that on all traffic.
upvoted 0 times
...
Avery
3 months ago
I think we practiced a question similar to this, and it emphasized that even authorized traffic should be scrutinized.
upvoted 0 times
...
Floyd
3 months ago
I remember studying that Zero Trust means verifying every request, but I'm not sure if that includes authorized users too.
upvoted 0 times
...

Save Cancel