Free Zscaler ZDTA Actual Exam Questions - Question 3 Discussion
Exchange?
C imo, because you need to break open the TLS first to actually see and check for malware. The others don't handle encrypted traffic at that level.
Option A doesn’t make sense here since decoy files don’t inspect actual HTTPS traffic. So it’s really between C and D, and only C deals with decrypting and scanning the encrypted streams directly.
C. Without decrypting the TLS traffic, you can’t inspect malware signatures inside HTTPS streams effectively, so C is the only option that fits the need for malware detection in encrypted connections.
C/D? I get why C is the go-to since you need to decrypt to scan encrypted malware. But D might have a role after decryption, like stopping sensitive data leaks or flagged files. Still, that’s more about data protection than malware detection inside HTTPS itself. A and B seem off since decoys (A) and segmentation (B) don’t directly scan or protect encrypted traffic. So, while C handles the actual malware scanning in HTTPS, D could complement it by managing data risks once files are accessible.
C, since decrypting is essential to actually scan encrypted HTTPS content for malware.
Maybe C, since decrypting TLS is the only way to actually see inside HTTPS and detect malware signatures. The rest don’t really deal with analyzing encrypted traffic directly.
B imo doesn’t fit because Application Segmentation is more about controlling access, not scanning for malware. The question targets malware detection inside HTTPS, so decrypting traffic (C) is the key piece.
D imo doesn’t make sense here since Data Loss Protection is about stopping data leaks, not scanning malware inside encrypted traffic. C is the only one that actually handles decrypting traffic to spot malware.
C. It’s the only option that actually deals with decrypting traffic, which is necessary before you can spot malware hidden inside HTTPS connections. The others don’t handle encrypted data directly.
A/B? Neither seems to directly handle encrypted traffic for malware scanning, but deception (A) could be a secondary layer after inspection. Still, decrypting with TLS Inspection (C) is the only one that fits the malware scanning inside HTTPS part.
Maybe C. Without decrypting the traffic first, you can’t really scan for malware inside HTTPS connections. The other options don’t deal with encrypted traffic directly, so they seem less likely.
Option C, since decrypting is crucial before malware detection inside HTTPS.
B tbh doesn’t really fit here since Application Segmentation is more about access control than malware scanning. A and D seem off because deception and data loss protection focus on different security aspects, not directly on inspecting encrypted traffic. C stands out because without decrypting HTTPS, no malware scanning can happen inside those secure tunnels. So, it’s basically the only option that enables malware protection within HTTPS by making traffic visible for inspection.
C/D? I get why C is popular since decrypting is needed to check inside HTTPS, but doesn’t D also play a role in spotting malware by scanning filenames and data? Still, without TLS Inspection (C), you wouldn’t even see the content to analyze, so it feels like C is the main step here, with D as a follow-up. Options A and B seem unrelated to actually inspecting HTTPS traffic for malware.
It’s C because you need to decrypt the traffic first to scan for malware signatures. Without TLS Inspection, the content inside HTTPS is just encrypted and can’t be analyzed properly.
Actually, the key part here is TLS Inspection (C) because without decrypting the HTTPS traffic, you can't really check for malware inside it. Options like Deception (A) or Application Segmentation (B) don’t directly deal with inspecting encrypted traffic. Data Loss Protection (D) focuses more on preventing sensitive data leaks rather than scanning for malware. So, the part that lets you peek inside encrypted HTTPS to detect threats is definitely TLS Inspection.
C imo, makes sense since TLS Inspection handles HTTPS decryption.