Zscaler Certified Technology Associate (ZDTA) — Question 35

Does the Cloud Firewall detect evasion techniques that would allow applications to communicate over non-standard ports to bypass its controls?

Answer options

• A. The Cloud Firewall includes an IPS engine, which will detect the evasion techniques and will just block the transactions as it is invalid.
• B. Zscaler Client Connector will prevent evasion on the endpoint in conjunction with the endpoint operating system's firewall.
• C. As traffic usually is forwarded from an on-premise firewall, this firewall will handle any evasion and will make sure that the protocols are corrected.
• D. The Cloud Firewall includes Deep Packed Inspection, which detects protocol evasions and sends the traffic to the respective engines for inspection and handling.

Correct answer: D

Explanation

The correct answer, D, is accurate because Deep Packet Inspection allows the Cloud Firewall to identify and manage protocol evasions effectively. Option A is incorrect because it does not mention Deep Packet Inspection, which is crucial for detecting such techniques. Option B focuses on endpoint protection rather than the Cloud Firewall's capabilities, and option C misrepresents the role of the on-premise firewall in handling evasion techniques.