Zscaler ZTCA Exam - Topic 6 Question 4 Discussion

The correct answer is B. False. Zero Trust architecture does not treat identity and context as a one-time, fixed decision. Zscaler's architecture guidance shows that access is based on ongoing context, including user identity, device posture, location, and other factors that can change over time. For ZIA, policy assignment evaluates the user, device, location, group, and more to determine which policies apply. For ZPA, user access is matched against current conditions such as location, device posture, user group, department, and time of day.

Zscaler documentation also describes reauthentication intervals and session timeout controls, which further shows that identity and authorization are not treated as permanently settled after one decision. In addition, device posture checks can be repeated over time, and a failed posture check can cause a different policy to be applied.

This is fundamental to Zero Trust: trust is continually evaluated, not granted once and assumed valid for an arbitrary period such as 48 hours. Therefore, the statement is false because identity and access context must be revisited as conditions change.