The correct answer is B . Zscaler’s Zero Trust architecture is designed to provide secure connectivity over any underlying network infrastructure , while granting access only to authorized requests and based on granular policy. The Universal ZTNA architecture states that users can be anywhere, applications can be hosted in any location, and there are no IP dependencies, while granular, context-based policies control application access . It also explains that Zero Trust gives users access without requiring them to share network context or routing domain with the applications they need.

Option A is directionally true, but it is narrower than the broader Zero Trust benefit being tested. Option C is incorrect because Zero Trust does not rely on placing users onto an internal routed network through a gateway. Option D describes the complexity of legacy IP-based controls, not an advantage of Zero Trust. Zscaler documentation further emphasizes that users connect directly to apps, not the network , minimizing attack surface and eliminating lateral movement. Therefore, the strongest and most complete advantage over legacy controls is network-agnostic connectivity that is limited to authorized and compliant requests .