Free Zscaler ZDTA Actual Exam Questions - Question 5 Discussion

It’s D because blocking attachments in webmail happens instantly during the sending process, which is a classic inline action. A is more about endpoint control, but D fits the inline protection concept in data transmission.

Adeel U: A imo, because it stops data from leaving at the device level instantly, not just monitoring but actively blocking, which fits inline protection better than analyzing or just permission settings.

Option A also fits because it stops data movement right at the endpoint, preventing copying before it happens, which is inline by definition—not just network-based blocking like D.

B seems less likely since it’s about sharing in OneDrive, which may rely on permissions rather than real-time blocking. A and D both sound inline, but the context of “inline” usually means active blocking right when data tries to move. Could that exclude B?

A imo works well since it stops data from leaving the device immediately. D is good too but more about network transmission; A feels more direct in real time at the source.

B. This one stands out because it’s about controlling sharing within a platform, not actively blocking data movement in real-time like A or D. So, it feels less inline compared to the others.

I get the point about D being inline since it’s about stopping data during transmission, but A also fits because preventing USB copying happens right where the data is accessed, so it’s inline at the endpoint. B seems more like post-access control, and C is just assessment. So could A also count as inline since it blocks data flow immediately at the source?

Probably D, since it directly stops the data leak during sending, that’s inline.

A imo, blocking copying to USB also stops data loss right at the point of action.

Inline data protection means stopping the data leak right when it happens, so D makes the most sense here. Blocking sensitive docs in webmail is inline. A and B are more about access control, and C is just analysis.