Free Zscaler ZTCA Exam Dumps

The correct answer is B. In Zero Trust architecture, deception as a conditional block policy means suspicious or malicious activity is not sent to the real destination. Instead, the request is redirected to a decoy or controlled service, allowing defenders to observe and understand the behavior without exposing the actual workload. This provides both protection and intelligence. It blocks harmful access while generating insight into attacker methods, compromised accounts, or risky automation.

This aligns with the Zero Trust idea that policy outcomes can be more sophisticated than simple allow or deny. A conditional block with deception is especially valuable when an enterprise wants to stop the request but also gain visibility into why the request is suspicious and how the initiator behaves when interacting with what it believes is the real target.

The other options do not match the concept. Extortion negotiations are unrelated, quarantine VLANs are a legacy network-centric control, and branch local breakout is a traffic-forwarding design choice. Therefore, deception allows the enterprise to selectively redirect questionable access attempts to a decoy service and gather useful security insight while keeping the real destination protected.