What purpose do Data Loss controls serve?

The correct answers are A and B . In Zero Trust architecture, Data Loss controls exist to prevent sensitive information from leaving the organization in unauthorized ways. Zscaler’s TLS/SSL inspection reference architecture specifically lists Data Loss Prevention (DLP) as a capability that helps prevent sensitive data from leaving the organization . This clearly supports option B , which covers accidental or non-malicious leakage such as unintended sharing, upload mistakes, or improper transfers.

Option A is also correct because data loss controls help detect and stop data theft , including theft carried out by malware or compromised sessions. In Zero Trust, inspection is not limited to who is connecting; it also evaluates what content is moving across the session. That is why encrypted traffic inspection is so important: without it, malicious exfiltration can remain hidden. By contrast, option C describes data integrity and validation functions, which are not the purpose of DLP. Option D refers more to content manipulation or poisoning, which is not the primary function being described by data loss controls in Zscaler’s architecture. Therefore, the correct purposes are detecting data theft and preventing accidental leakage .