Exam ZTCA Topic 1 Question 29 Discussion

Actual exam question for Zscaler's ZTCA exam
Question #: 29
Topic #: 1
In a Zero Trust architecture, how is the connection to an application provided?

Suggested Answer: A Vote an answer

The correct answer is A. Over any network with per-access control. In Zero Trust architecture, access is provided to the specific application , not to the underlying network. This is a foundational design principle in Zscaler's Universal Zero Trust Network Access (ZTNA) guidance. Users can connect from any location and over any network , while policy is enforced per user, per device, per application, and per session . This differs from legacy approaches that first place the user onto the network and then rely on network segmentation or firewall rules to limit access.
Option B is incorrect because establishing a full network-layer connection is characteristic of legacy VPN- based access, which extends network trust and increases lateral movement risk. Option C is also incorrect because Zero Trust is not defined by building a virtual appliance stack in front of applications. Option D includes TLS, which is used in Zscaler architectures, but the key Zero Trust concept being tested is not merely encrypted transport; it is brokered, granular, per-access connectivity without exposing the application to broad network reachability. Therefore, the most accurate answer is A .

by Sophia at Jun 23, 2026, 06:03 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10