Exam ZDTA Topic 1 Question 104 Discussion
Actual exam question for Zscaler's ZDTA exam
Question #: 104
Topic #: 1
Question #: 104
Topic #: 1
What is the recommended default rule for the cloud-gen firewall configuration when deploying a new ZIA tenant?
Suggested Answer: A Vote an answer
For a new cloud-gen firewall configuration, a default block posture is the safer baseline. Administrators should explicitly permit required business traffic and preserve required Zscaler service rules instead of leaving a broad default allow that weakens least-privilege design. Option A (Block all traffic) is correct because block all traffic is the recommended default-deny stance.
Why the other options are incorrect:
B). Permit all traffic: Permit-all firewall posture lets unexpected services leave the network until later rules stop them.
C). Disable the firewall: Disabling the firewall removes the enforcement layer instead of creating a safe default rule set.
D). Allow only web traffic (ports 80/443): Allowing only ports 80/443 would ignore valid non-web business traffic that may need explicit firewall rules.
Why the other options are incorrect:
B). Permit all traffic: Permit-all firewall posture lets unexpected services leave the network until later rules stop them.
C). Disable the firewall: Disabling the firewall removes the enforcement layer instead of creating a safe default rule set.
D). Allow only web traffic (ports 80/443): Allowing only ports 80/443 would ignore valid non-web business traffic that may need explicit firewall rules.
by Hobart at May 31, 2026, 01:12 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).