Exam ZTCA Topic 1 Question 32 Discussion
Actual exam question for Zscaler's ZTCA exam
Question #: 32
Topic #: 1
Question #: 32
Topic #: 1
If an enterprise is protecting its services at a network level, such as using firewalls, what happens to that protection when a user leaves the network? (Select 2)
Suggested Answer: A,D Vote an answer
The correct answers are A and D . In a legacy, network-based protection model, security controls such as firewalls are tied to the enterprise network perimeter. When a user leaves that network, the user typically loses direct access to internal services because the protection model assumes the user is on the trusted network or connected into it. To restore access, the organization usually has to establish a path back into the network , most commonly through a virtual private network (VPN) or another routable connection. Zscaler's Zero Trust guidance contrasts directly with this legacy pattern by stating that users should access applications without sharing network context with them.
This is one of the reasons Zero Trust replaces legacy VPN-centric design. ZPA documentation explicitly contrasts Zero Trust with legacy VPNs and firewalls by emphasizing that users connect directly to applications, not the network , thereby minimizing attack surface and removing dependence on being
"inside" the network. Therefore, in a network-level protection model, once the user leaves the network, access is not naturally preserved; instead, access is lost unless a path such as VPN is put in place . The TCP keepalive option is unrelated, and unrestricted internet access to services would contradict the private, firewall-protected network design.
This is one of the reasons Zero Trust replaces legacy VPN-centric design. ZPA documentation explicitly contrasts Zero Trust with legacy VPNs and firewalls by emphasizing that users connect directly to applications, not the network , thereby minimizing attack surface and removing dependence on being
"inside" the network. Therefore, in a network-level protection model, once the user leaves the network, access is not naturally preserved; instead, access is lost unless a path such as VPN is put in place . The TCP keepalive option is unrelated, and unrestricted internet access to services would contradict the private, firewall-protected network design.
by Bruce at Apr 11, 2026, 03:29 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).