試験ZDTE トピック5 問題58 スレッド

Zscaler's application segmentation is the feature that delivers granular, per-application control over which users can access which private apps. In the ZDTE study material and cyberthreat protection quick reference guides, Zscaler explains that application segmentation makes apps and servers completely invisible to unauthorized users, thereby minimizing the attack surface while allowing authorized users to reach only the specific applications they are entitled to.
Zscaler Private AppProtection builds on this segmentation foundation: policies are defined at the application layer using identity (user, group), context, and app attributes, instead of broad network constructs like IP ranges or subnets. This enables security teams to create fine-grained rules that tightly bind users to individual applications, rather than to entire networks. While Private AppProtection adds inline inspection, virtual patching, and exploit prevention, segmentation is the part that dictates who can talk to what.
Threat intelligence integration (option A) enriches detection but does not itself define access. Role-based access control (option C) applies mainly to admin and management roles in consoles, not to runtime user-to- application paths. User behavior analysis (option D) informs risk but is not the primary enforcement mechanism. The specific feature that provides granular control over user access to particular private applications is application segmentation.