Free Zscaler ZDTA Actual Exam Questions - Question 13 Discussion
flow attributes?
A/B? A feels right since external attack surface monitoring usually involves lots of event data and traffic attributes from outside, while B is more about stopping attacks, not watching broad data sets. The question says “broad range,” which points to something covering multiple sources and types, fitting A better than the others focused on specific stages or actions.
Not B, because preventing compromise is more about stopping attacks, not monitoring a broad range of events and flows. D seems to cover more types of data and traffic attributes overall.
Option D covers diverse event types and internal traffic flows, fitting the broad scope.
Maybe A, since external attack surface usually covers a wide scope of configurations and traffic flows to spot vulnerabilities.
Maybe D, since lateral propagation deals with how threats move inside the network, which means it would need to track a wide range of events and configurations to spot movement across different systems. That seems broader than just focusing on the external attack surface or preventing compromise in a narrow sense.
It’s B because stopping compromise means watching everything closely, not just one area.
B imo, since preventing compromise means watching lots of different events and configs to catch threats before they spread, not just external or internal-specific stuff.
Probably A since external attack surfaces include many security configs and traffic views.
Maybe D, since watching lateral moves inside the network means tracking lots of event types and traffic flows to catch how threats spread internally.
Option D makes sense since lateral movement inside networks requires monitoring lots of event types and traffic flows, not just external or data loss details.
It’s D because Lateral Propagation deals with how threats move inside the network, so it has to track different event types, security setups, and traffic flows to spot suspicious movement. That’s more than just looking at the perimeter like A or preventing initial compromise like B. D fits better for watching a wide range of internal activity patterns.
B imo, Prevent Compromise focuses on detecting suspicious activity across different data points, which fits observing various events and configurations, not just the external perimeter stuff.
It’s A, External Attack Surface covers broad event and traffic attributes.