Question 4 - Zscaler ZDTA Real Exam Questions [March 2026 Update]

Q: 4

How do Access Policies relate to the Application Segments and Application Segment Groups?

Options

Discussion

Liam I. Feb 24, 2026 11:32 pm

Option C here. Pretty sure both Application Segments and Segment Groups can be configured in the same Access Policy rule, so A is a bit of a trick. Seen this in practice questions before.

Quinn Feb 15, 2026 2:39 am

Pretty sure B, since I thought you could assign allow and block actions across segments and groups in one policy.

Noah G. Mar 3, 2026 1:08 pm

C imo, since Access Policies can target both segments and segment groups. B is kind of a trap here.

Ravi O. Feb 23, 2026 12:11 am

Grace E. Feb 18, 2026 6:25 pm

I think it's B. I remember a practice question letting you split allow for groups and block for segments.

Casey Mar 1, 2026 3:44 pm

Maybe C? The official guide and practice exams both show policies applying allow or block to segments and segment groups together, not split like B or D. If anyone saw different on real exam, say so.

Cameron L. Feb 14, 2026 5:49 am

C is right here, because the policy action covers both segments and groups together, not split like D or B suggest.

SaraM Feb 26, 2026 4:24 am

C/D? I think C is correct since policies can allow or block both segments and segment groups at once, not separately. But not 100 percent because the wording sometimes trips me up. Disagree?

Zoe Feb 17, 2026 10:39 am

C policies can target segments and segment groups at the same time. Pretty sure that's what ZPA docs say.

Drew Feb 28, 2026 11:04 am

C tbh, policies can target both segments and segment groups together, B catches people out.

Be respectful. No spam.

Correct Answer:

Explanation

An Access Policy in Zscaler Private Access (ZPA) is a rule that dictates access to internal applications. Each policy rule is defined by a set of conditions (criteria) and a single, specific action. When the conditions are met, the policy applies its configured action, which can be either "Allow Access" or "Block Access". The targets of this action, defined within the same rule, can be a combination of individual Application Segments and entire Application Segment Groups. This structure allows for both granular control over specific applications and broad, scalable management over logical groupings of applications.

Why Incorrect

A. The use of "OR" is imprecise. A policy rule can target both Application Segments and Application Segment Groups simultaneously, not just one or the other.

B. A single Access Policy rule is configured with only one action. It cannot be configured to simultaneously allow one target and block another.

D. Similar to option B, a single Access Policy rule has a unitary action (either Allow or Block) and cannot perform conflicting actions on different targets.

---

References

1. Zscaler Help Portal

"About Access Policy": "An Access Policy rule consists of two main building blocks: criteria and an action. The criteria for a rule consists of logical expressions that use SAML and SCIM attributes

as well as other criteria (e.g.

client types

location

etc.). The action for the rule can be set to either Allow Access or Block Access." This document confirms that a single rule has a single action.

2. Zscaler Help Portal

"Configuring Access Policies": In the step-by-step guide for creating an Access Policy

Step 2

"Applications

" shows that an administrator can select both Application Segments and Application Segment Groups as targets for the rule. Step 4

"Access

" shows a single "Action" dropdown menu for the entire rule with the options "Allow Access" and "Block Access". This demonstrates that one action is applied to all selected targets

which can be a mix of segments and groups.

3. Zscaler Help Portal

"About Application Segment Groups": "Application Segment Groups allow you to group a set of application segments together. This is useful when you need to apply the same Access Policy or Client Forwarding Policy to multiple application segments." This confirms that Application Segment Groups are valid targets for an Access Policy.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE