Free Zscaler ZDTA Actual Exam Questions - Question 6 Discussion

Not A, B makes more sense because the SAML SP acts as the gateway that first processes the assertion and extracts attributes before any enforcement happens downstream.

It’s B since the SAML SP must parse attributes before enforcement nodes apply policies.

Maybe B is still the best choice since the SAML SP needs to parse and extract the attributes before any other component can use them for policy decisions. Enforcement nodes come into play after that step.

A imo, since enforcement nodes apply policies using those attributes after initial processing.

It’s B, since the SAML SP is the first point handling the assertion data.

Option B makes the most sense since the SAML SP directly processes the assertion from the IDP. Enforcement nodes act later, and the Zero Trust Exchange uses info but doesn’t get attributes directly first.

B. The SAML SP is definitely the first place where those device attributes land from the assertion before anything else processes them for policies. Enforcement nodes come later in the chain.

B/D? The SAML SP (B) definitely gets the attributes first as it handles the assertion, but policy creation might actually happen later in the Zero Trust Exchange (D). If the question implies where those device attributes start being used to form policies, ZTE could be a good pick since it manages access controls. Still, without clarification, B seems like the component that initially processes the attributes after the IDP response.

Makes sense to me that the SAML SP (B) is the first point that actually handles those attributes before anything else in Zscaler can act on them.

It’s B because the SAML SP acts as the initial receiver of the assertion from the IDP, so it has to process those device attributes before anything else can happen.

Pretty sure it's B. Zscaler SAML SP that first consumes the device attributes for policy creation.