ZTCA
Zscaler Zero Trust Certified Architect (ZTCA)
A comprehensive zero trust architect credential

Overview
Zscaler Zero Trust Certified Architect (ZTCA), one of the industry’s most comprehensive zero trust certifications, helps network and security professionals attest their expertise in establishing a holistic, layered security approach based on zero trust principles.
The ZTCA certification course offers practical guidance on how to deliver effective control and visibility across zero trust initiatives, as well as contrasting zero trust approaches with legacy architectures. Finally, it explores architectural constructs for real-world implementation, including in the context of the Zscaler Zero Trust Exchange™.
Benefits
1
Become a zero trust expert
2
Grow your careeropportunities
3
Learn at your own pace
What will you learn?
Through a self-paced e-learning module, the ZTCA course will teach you the essential tenets of the zero trust strategy as you learn how to:
01 Apply strategic networking and security concepts to implement adaptive trust, reduce the attack surface, and mitigate overall risk.
02 Understand the fundamental components of a zero trust architecture, including verifying identity and context, inspecting all traffic, encrypted or not, and enforcing policy based on a dynamic risk framework.
03 Design and implement network security based on zero trust principles.
04 Implement the seven elements of a highly successful zero trust architecture to mitigate the inadequacies of legacy network and security architectures.
Course outline
01 A New World of Digital Transformation
02 Connecting to the Zero Trust Exchange
03 Section 1: Verify
- Who is connecting?
- What is the access context?
- Where is the connection going?
04 Section 2: Control
- Assess risk (adaptive control)
- Prevent compromise
- Prevent data loss
05 Section 3: Enforce
- Enforce policy
06 Connecting to the Applications
Who is ZTCA certification for?
Security
- Security administrators
- Security engineer/analysts
- Security architects
- Security managers
- Security consultants
- Cybersecurity analysts
- CISOs
Software
- DevOps engineers
- Software developers
IT
- IT auditors
- System engineers
Networking
- Network architects
- Network/Cloud engineers
- Enterprise architects
Course outline
01 A New World of Digital Transformation
02 Connecting to the Zero Trust Exchange
03 Section 1: Verify
- Who is connecting?
- What is the access context?
- Where is the connection going?
04 Section 2: Control
- Assess risk (adaptive control)
- Prevent compromise
- Prevent data loss
05 Section 3: Enforce
- Enforce policy
06 Connecting to the Applications
Who is ZTCA certification for?
- Security administrators
- Security engineer/analysts
- Security architects
- Security managers
- Security consultants
- Cybersecurity analysts
- CISOs
- IT auditors
- System engineers
- DevOps engineers
- Software developers
- Network architects
- Network/Cloud engineers
- Enterprise architects
Course outline
01 A New World of Digital Transformation
02 Connecting to the Zero Trust Exchange
03 Section 1: Verify
- Who is connecting?
- What is the access context?
- Where is the connection going?
04 Section 2: Control
- Assess risk (adaptive control)
- Prevent compromise
- Prevent data loss
05 Section 3: Enforce
- Enforce Policy
06 Connecting to the Applications
Who is ZTCA certification for?
- Security administrators
- Security engineer/analysts
- Security architects
- Security managers
- Security consultants
- Cybersecurity analysts
- CISOs
- IT auditors
- System engineers
- DevOps engineers
- Software developers
- Network architects
- Network/Cloud engineers
- Enterprise architects
Certification and exam
The ZTCA exam is a two-hour online test consisting of 75 multiple-choice questions. Your purchase provides one test attempt, which you must use within 12 months.
There are no prerequisites to take the ZTCA exam.
Exam Code
ZTCA
Launch Date
November 14, 2022
Description
The ZTCA exam will verify the successful candidate has the knowledge and skills required to assess, recommend, and implement core Zscaler zero trust solutions.
Course Details
- Introduction: An Overview of Zero Trust – 20 minutes
- Section 1: Verify Identity & Context – 60 minutes
- Section 2: Control Content & Access – 60 minutes
- Section 3: Enforce Policy – 60 minutes
- Summary: Zero Trust Architecture Deep Dive – 40 minutes
Number of Questions
75
Type of Questions
Multiple choice
Length of Test
120 minutes
Passing Score
80% (60 correct questions)
Languages
English
Price
US$300
Certification and exam
The ZTCA exam is a two-hour online test consisting of 75 multiple-choice questions. Your purchase provides one test attempt, which you must use within 12 months.
There are no prerequisites to take the ZTCA exam.
ZTCA
November 14, 2022
The ZTCA exam will verify the successful candidate has the knowledge and skills required to assess, recommend, and implement core Zscaler zero trust solutions.
- Introduction: An Overview of Zero Trust – 20 minutes
- Section 1: Verify Identity & Context – 60 minutes
- Section 2: Control Content & Access – 60 minutes
- Section 3: Enforce Policy – 60 minutes
- Summary: Zero Trust Architecture Deep Dive – 40 minutes
Multiple choice
120 minutes
80% (60 correct questions)
English
US$300
Get certified
Customers & Guests
Sign in with your Zscaler Academy account to get started
Don’t have a Zscaler Academy account?
Partners
Sign in with your Zscaler Partner Academy account to get started
Don’t have a Zscaler Partner Academy account?
RESOURCES
Download exam study guide and prep materials
Need help? Email [email protected]
Zero Trust Glossary
A framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default. Following a key zero trust principle, least-privileged access, trust is established based on context (e.g., user identity and location, the security posture of the endpoint, the app or service being requested) with policy checks at each step.
Zero Trust Network Access is a set of technologies and functionalities that enable secure access to internal applications for remote users. It operates on an adaptive trust model, where trust is never implicit, and access is granted on a need-to-know, least-privileged basis defined by granular policies. ZTNA gives remote users secure connectivity to private apps without placing them on the network or exposing the apps to the internet. ZTNA is also known as the software-defined perimeter (SDP).
A Zero Trust Architecture is a security architecture built to reduce a network's attack surface, prevent lateral movement of threats, and lower the risk of a data breach based on the core tenets of the zero trust approach, by which implicit trust is never granted to any user or device. The zero trust security model puts aside the traditional "network perimeter"—inside of which all devices and users are trusted and given broad permissions—in favor of least-privilege access controls, granular microsegmentation, and multifactor authentication (MFA).
Secure Access Service Edge is a framework defined by Gartner in 2019 as a way to securely connect entities, such as users and machines, to applications and services—from anywhere. SASE combines wide-area networking (WAN) capabilities with security functions, such as SWG, CASB, FWaaS, and ZTNA, into a single cloud-based solution that’s delivered as a service. Services are delivered at the “edge” of a distributed cloud architecture, pushing them as close as possible to users for a fast experience with the fewest hops. At a time when workers are increasingly working remotely and off the corporate network, SASE assists organizations in making a secure, seamless transition to the cloud from legacy hardware in data centers, while securing access to cloud applications and reducing costs.
The security service edge (SSE), as defined by Gartner, is a convergence of network security services—namely SWG, CASB, and ZTNA—delivered from a purpose-built cloud platform. Where SASE focuses on access services, as the name implies, you could consider SSE a subset of SASE focused squarely on security services.