A. Logs download in 7-zip format to minimize size
B. Files are compressed as gzip archives with ISO-8601 time stamps
C. Connector health metrics are excluded from downloadable logs
D. Admins can request raw JSON over secure WebSocket
A. Bulk CSV importer for all Policy objects
B. Global kill-switch that blocks traffic instantly
C. Plan -> Onboard wizard that stages Sites, Apps, Policies sequentially
D. Log replay simulator for historical policies
A. DNS resolution is delegated to the Cloud SWG service
B. Application is defined in Admin Console and bound to a Policy
C. Connector resides on the same VLAN as the application server
D. User's IDP token includes a group claim mapped in the Policy
A. Desire to reduce CapEx
B. Strict data-residency laws preventing log egress
C. Faster deployment time
D. Built-in visualization dashboards
A. Export of raw DLP incidents via REST API
B. Admin Audit Trail with immutable timestamps
C. Real-time packet captures on the Connector
D. SIEM field masking
A. To automatically map the application to all existing Sites
B. To allow logging of connection attempts before enforcing policy
C. To bypass authentication for testing purposes
D. To enable TLS-offload on the Connector
A. Consistently lowercase user identifiers
B. Convert timestamps to local time zones
C. Use vendor-agnostic ECS/CEF field names
D. Strip out policyId to reduce noise
A. DLP fingerprints overlap
B. An application is unmapped to any Site
C. Connector logs exceed 1 GB/day
D. A new rule duplicates but is lower priority than an existing rule
A. Facilitates unified policy management and reduces errors
B. Accelerates TLS handshake
C. Simplifies Connector load balancing
D. Enables automatic agent installation
A. Allows SIEM to auto-discard duplicates
B. Improves TCP slow-start algorithms
C. Ensures correct TLS certificate validation and log ordering
D. Reduces SAML assertion size
