Exam ZDTA Topic 2 Question 111 Discussion

Actual exam question for Zscaler's ZDTA exam
Question #: 111
Topic #: 2
How does a Zscaler administrator troubleshoot a certificate pinned application?

Suggested Answer: A Vote an answer

Certificate-pinned applications fail when an inspection proxy substitutes a trusted Zscaler certificate for the origin certificate. The application expects the server certificate or public key to match a pinned value and therefore rejects the inspected session. The fastest way to diagnose this is to inspect SSL logs for failed client handshakes, certificate errors, or bypass candidates. Option A (They could look at SSL logs for a failed client handshake) is correct because SSL logs show the handshake failure pattern created by certificate pinning.
Why the other options are incorrect:
B). They could reboot the endpoint device: Rebooting may clear a local issue, but certificate pinning is a TLS validation problem. Logs are the right first place to confirm the failed handshake.
C). They could inspect the ZIA Web Policy: ZIA Web Policy controls web access outcomes. A pinned- certificate failure shows up in SSL/TLS handshake behavior, so SSL logs are more direct.
D). They could look into the SaaS application analytics tab: SaaS analytics show application usage and risk. They will not show the client TLS handshake failure that reveals certificate pinning.

by Selena at Jun 29, 2026, 04:07 PM

Limited Time Offer

15%

Off

Get Premium ZDTA Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10