Exam ZDTA Topic 1 Question 104 Discussion

Actual exam question for Zscaler's ZDTA exam
Question #: 104
Topic #: 1
What is the recommended default rule for the cloud-gen firewall configuration when deploying a new ZIA tenant?

Suggested Answer: A Vote an answer

For a new cloud-gen firewall configuration, a default block posture is the safer baseline. Administrators should explicitly permit required business traffic and preserve required Zscaler service rules instead of leaving a broad default allow that weakens least-privilege design. Option A (Block all traffic) is correct because block all traffic is the recommended default-deny stance.
Why the other options are incorrect:
B). Permit all traffic: Permit-all firewall posture lets unexpected services leave the network until later rules stop them.
C). Disable the firewall: Disabling the firewall removes the enforcement layer instead of creating a safe default rule set.
D). Allow only web traffic (ports 80/443): Allowing only ports 80/443 would ignore valid non-web business traffic that may need explicit firewall rules.

by Hobart at May 31, 2026, 01:12 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10