Risk360 converts Zscaler telemetry into measurable cyber-risk views aligned to the breach lifecycle. Its key risk areas include prevent compromise, data loss, lateral propagation, and external attack surface. The exam wording is asking how the product organizes quantified risk rather than how many alerts exist or how quickly remediation occurs. Option D (A risk score is computed for each of the four stages of breach) is correct because Risk360 scores risk across the major breach stages, allowing administrators and executives to see where exposure is concentrated and prioritize remediation.
Why the other options are incorrect:
A. The number of risk events is totaled by location and combined: Counting risk events by location would give an event-volume report. Risk360 is meant to quantify exposure by breach-stage risk, which is more useful for prioritizing remediation.
B. A risk score is computed based on the number of remediations needed compared to the industry peer average: Peer benchmarking can be useful for executive comparison, but this question is asking how Risk360 structures the score internally: by the four breach stages.
C. Time to mitigate each identified risk is totaled, averaged, and tracked to show ongoing trends: Time to mitigate is an operations metric for remediation speed. It does not describe how Risk360 computes the risk score itself.
