試験ZDTA トピック2 問題1 スレッド

Cloud Browser Isolation protects users by rendering risky web content in a remote browser environment instead of on the endpoint. URL Filtering can use Isolate as an action, so users may still access selected untrusted sites while scripts, active content, and browser-exploit risk remain separated from the device.
Option B (A new malicious file was detected by the sandbox due to an "allow and scan" First-Time Action in the sandbox policy) is correct because isolation is an enforceable URL Filtering action, not a separate manual workaround.
Why the other options are incorrect:
A). Zscaler's AI/ML based Smart Browser Isolation was triggered due to a users accessing a newly- registered domain: Browser Isolation renders web content remotely so active content never executes directly on the endpoint.
C). A new malicious file was detected by the sandbox due to an "quarantine" First-Time Action in the sandbox policy: Cloud Sandbox detonates and observes suspicious files to identify unknown or advanced malware behavior.
D). Zscaler detected a HIPAA violation with in-band Data Protection scanning: An in-band HIPAA DLP violation would be inline data-protection scanning. The scenario is asking about the specific log/report signal identified by the correct answer.