Question 1 - Zscaler ZDTA Real Exam Questions [March 2026 Update]

Q: 1

Which of the following is a valid action for a SaaS Security API Data Loss Prevention Rule?

Options

Discussion

Emma W. Feb 26, 2026 2:45 am

Makes sense to pick D here.

Ethan Z. Mar 1, 2026 12:53 pm

Option D here, since B is a trap (quarantine is for malware not DLP in SaaS).

PracticalConsultant4332 Feb 26, 2026 11:36 am

Option D fits because removing external collaborators and disabling sharable links is a typical DLP response for SaaS data risks. The other options aren't standard DLP actions in Zscaler. Pretty sure D is right based on SaaS API controls.

RobinH Mar 4, 2026 7:07 pm

D , since quarantining malware is a common trap but Zscaler DLP for SaaS usually lets you remove sharing instead.

AaronK Feb 21, 2026 7:19 pm

I don't think it's B. D makes more sense for a DLP rule, since quarantine isn't really an option here.

Neha Y. Mar 1, 2026 9:51 am

D tbh. Removing external collaborators and sharable links matches what you'd automate for SaaS DLP, not malware quarantine or zero trust decoy stuff. Not 100% but that's how I've seen it on actual Zscaler screens.

Maya R. Feb 19, 2026 1:03 am

B is off for SaaS DLP, D fits what you'd actually automate for external sharing risks in these tools.

Ryan M. Feb 19, 2026 4:39 pm

Saw a super similar question on a recent practice set, it was D for SaaS DLP actions.

Reese K. Mar 1, 2026 1:51 pm

Not B, D. If the SaaS DLP rule was looking for malware instead of exposed data, then B might fit, but for standard data loss it's all about removing external access and links. Pretty sure that's what they expect.

Luke Mar 3, 2026 6:47 am

I actually thought B made sense since DLP sometimes involves quarantining files, not just stopping sharing. B.

Be respectful. No spam.

Correct Answer:

Explanation

The Zscaler SaaS Security API is designed to scan sanctioned SaaS applications for sensitive data at rest and remediate policy violations. A Data Loss Prevention (DLP) rule within this service identifies files containing sensitive information (e.g., PII, financial data). A primary risk is the overexposure of this data through improper sharing. A valid and common remediation action for a DLP violation is to automatically remove external collaborators' access to the file and delete any publicly accessible sharing links, thereby containing the data and preventing loss.

Why Incorrect

A. Enable AI/ML based Smart Browser Isolation: This is an action associated with Zscaler Internet Access (ZIA) for controlling real-time web traffic and isolating user browsing sessions, not for remediating data at rest found by the SaaS Security API.

B. Quarantine Malware: This is a valid action within the SaaS Security API platform, but it is specifically for a Malware Detection policy, not a Data Loss Prevention (DLP) policy, which is triggered by data content, not malicious code.

C. Create Zero Trust Network Decoy: This is a function of Zscaler's deception technology, used to detect active threats within a network by luring attackers. It is not a remediation action for a DLP policy violation in a SaaS application.

References

1. Zscaler Help Portal

"Configuring the SaaS Security API DLP Policy": This official documentation outlines the specific actions available for DLP rules. Under the "Add DLP Rule" section

the available remediation actions include "Remove Publicly Sharable Links" and "Remove Collaborators

" which directly supports the correct answer (D). It also lists "Quarantine" as an action for the file itself

but distinguishes this from malware-specific actions.

Reference Location: Zscaler Help Portal > Configuration > SaaS Security API Control > Policy > DLP Policy > Configuring the SaaS Security API DLP Policy.

2. Zscaler Help Portal

"About SaaS Security API": This document provides an overview of the service

stating its purpose is to "scan your SaaS applications for data loss

threats

and compliance violations." It emphasizes control over data at rest

which aligns with the remediation action of managing sharing permissions.

Reference Location: Zscaler Help Portal > Configuration > SaaS Security API Control > About SaaS Security API.

3. Zscaler Help Portal

"Configuring the SaaS Security API Malware Detection Policy": This document details the actions for malware detection

which include "Quarantine" and "Delete." This confirms that "Quarantine Malware" (Option B) is an action tied to a different policy type than the one specified in the question (DLP).

Reference Location: Zscaler Help Portal > Configuration > SaaS Security API Control > Policy > Malware Detection Policy > Configuring the SaaS Security API Malware Detection Policy.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE