Q: 8
How does a Zscaler administrator troubleshoot a certificate pinned application?
Options
Discussion
Option A makes the most sense here, since SSL logs will actually show the handshake failure caused by certificate pinning. D feels like a distractor-analytics won’t reveal handshake-level SSL issues. Seen this in some Zscaler practice sets, but if someone has another approach, let me know.
A . SSL logs are what actually show the failed handshake from cert pinning, that's what a Zscaler admin would check. Policy review is for blocks/misconfig, not cert pinning issues. Saw similar advice in practice guides.
I was thinking C here since inspecting the ZIA Web Policy might help spot blocks or misconfigurations that impact app behavior. Maybe not as direct as logs, but still part of the process for policy-driven issues. Let me know if I missed something with this logic.
Don't think B is helpful, rebooting won't expose why cert pinning fails. A
Had something like this in a mock, SSL logs (A) always pointed out the handshake failures if cert pinning was to blame. The other choices won't get you that direct evidence, pretty sure A is what Zscaler admins check here. Agree?
Nah, B is just a trap. You need actual log evidence for cert pinning issues so A is the only real option here.
Pretty sure A is it, since SSL logs will actually show handshake failures from cert pinning. Rebooting the endpoint (B) or checking web policy (C) won't surface these TLS errors directly. I've seen support teams go straight to logs for this reason. Anyone disagree?
Had something like this in a mock, it's A.
Saw similar wording on a recent practice exam, it was A every time.
A , since SSL logs actually show failed client handshakes caused by cert pinning. A lot of folks mix this up with policy or analytics (trap for C/D), but only logs really tell you what’s breaking. Let me know if you see it differently.
Be respectful. No spam.
