Inline Data Protection means Zscaler inspects data while it is moving through an inline traffic path, not after the file has already been stored or copied locally. In ZIA, inline DLP evaluates web, SaaS, and webmail uploads in real time by using DLP engines, dictionaries, EDM/IDM, OCR, and other content-inspection logic. That is why Option D (Blocking the attachment of a sensitive document in webmail) is the verified answer: the sensitive document is attached to webmail, and Zscaler can stop that outbound transaction before the content leaves the organization.
Why the other options are incorrect:
A. Preventing the copying of a sensitive document to a USB drive: USB-drive blocking is endpoint/data-in-use protection. It stops a local copy action, while inline DLP stops sensitive content as it moves through ZIA traffic.
B. Preventing the sharing of a sensitive document in OneDrive: OneDrive sharing control is normally SaaS API/CASB enforcement against a file already stored in OneDrive. The webmail attachment case is live data-in-motion inspection.
C. Analyzing a customer’s M365 tenant for security best practices: M365 tenant analysis checks configuration posture, permissions, and risky settings. It gives visibility and recommendations; it does not block a user upload in real time.