Zscaler EDU 200 - Essentials - ZDTA Study Set Newest Edition 2025-2026. Questions & Answers, Exams of Computer Science

Zscaler EDU 200 - Essentials - ZDTA Study Set Newest Edition 2025-2026. Questions & Correct Answers. Graded A

Typology: Exams

2024/2025

Available from 07/05/2025

zaza-maica

Zscaler EDU 200 - Essentials - ZDTA

Study Set Newest Edition 2025-2026.

Questions & Correct Answers. Graded A

A Cloud Path supports the following protocols for probing: (Select 3)

  1. BGP
  2. ICMP
  3. TCP
  4. UDP

- ANS ICMP, TCP, UDP

A server group maps _____ to ____? Options:

  • App Connectors Groups to Application Segments
  • Applications to FQDNs
  • FQDNs to IP Addresses
  • Applications to Application Groups

- ANS App Connectors Groups to Application Segments

Browser Based Access enables what kinds of applications to be published? Options:

  • HTTP and HTTPS
  • RDP and SSH
  • Telnet and RDP
  • HTTP, HTTPS, and SSH

- ANS HTTP and HTTPS

By how much has hybrid work increased ticket resolution time? - ANS 30%

Cloud Path can provide visibility over which paths? Options:

  • Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA
  • In tunnels formed over ZIA using ZCC Tunnel 2.0 only
  • Mainly tunnels which are running ZPA (mtunnels)
  • Direct Internet traffic only, as it is not possible to traceroute via Layer 7 Proxy

- ANS Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA

Contextual DLP policy includes (Select 3): - ANS File Type Control, Cloud App Control, Tenancy Restrictions

Define a zero trust connection - ANS Independent of any network for control or trust. Zero trust ensures access is granted by never sharing the network between the originator and the destination application.

Do most organizations around the world inspect 100% of all SSL/TLS encrypted traffic?

How are app connectors deployed? - ANS A provisioning key is created for each connector group, which is signed by an intermediate certificate authority, and the intermediate is trusted by the root CA. Clients are enrolled against a client intermediate certificate authority.

How are Newly Observed Domains (NODs) different than Newly Registered Domains (NRDs)? - ANS NRDs were registered recently, whereas NODs may have been registered some time ago but have never been observed with actual clients visiting them, which makes them suspicious

How can Zscaler integrate with third-party firewall configuration management vendors so that customers can create and read firewall rules programmatically? Options:

  • Via a ticketing system, where third-parties file a ticket
  • Via a full CRUD API so customers can create, read, update, and delete firewall rules
  • This is not possible - rules must be configured in the Admin UI
  • Through natural language processing algorithms in a Slack integration

- ANS Via a full CRUD API so customers can create, read, update, and delete firewall rules

How do app connectors work? - ANS They establish connections through the firewall to the Zscaler cloud and the Zero Trust Exchange facilitates a reverse connection.

How do cyber attacks generally occur? - ANS Cyber attacks follow the same general pattern. First comes finding the attack surface, then initial compromise, then lateral movement, and finally data loss through exfiltration, encryption or extortion.

How do most major security breaches begin? - ANS An attacker finding your attack surface

How does DLP policy work? - ANS DLP policy is created by building a DLP engine using predefined dictionaries and/or custom dictionaries. The DLP engine is then applied to a policy.

How does SAML authentication work using Zscaler? - ANS

  1. Request Application
  2. Redirect to Zscaler SP (ZIA/ZPA)
  3. Login Request
  4. Redirect to SAML IdP
  5. Login to IdP
  6. SAML Assertion Identity
  7. SAML
  8. Auth Token issued
  9. Access granted to application

  • The SP sends it via a trusted authority to the IdP

- ANS The IdP sends it via the user's browser to the SP (Uses a form POST submitted via JavaScript)

How is browser access configured in ZPA? - ANS

  1. Acquire web server certificate (upload existing certificate or create certificate signing request for web server certificate)
  2. Define browser access app by creating or editing an application segment

How much of an organization's traffic can Zscaler perform SSL/TLS inspection on? Options:

  • Zscaler inspects and decrypts 100% of TLS traffic without constraints
  • Up to 50%, based on the geography from which a customer is logging in
  • All traffic except for zero day malicious files, which cannot be inspected due to evasive techniques built into file's process list
  • All traffic except for traffic originating from SaaS providers such as Salesforce, who utilize special SSL evasion techniques

- ANS Zscaler inspects and decrypts 100% of TLS traffic without constraints

How often does the Zscaler Client Connector check for software updates? Options:

  • Every 2 hours
  • Every 6 hours
  • Every 12 hours
  • Every 24 hours

- ANS Every 2 hours

How often does ZDX probe an application? - ANS Every 5 minutes

How often does Zscaler Client Connector download policy updates for the app profiles and forwarding profiles? - ANS Every hour

How often will Zscaler Client Connector download the PAC file of the app profiles and the forwarding profiles? - ANS Every 15 minutes

In order for Zscaler to enforce policy based on accessing devices, what method is best used by IdPs to share information about a user's accessing device? Options:

  • Kerberos
  • SAML
  • Header Injection
  • Mobile Device Management

- ANS SAML

In what way does Zscaler's Identity Proxy enable authentication to SaaS applications? Options:

  • Injecting identity headers into the HTTP request
  • SSL Inspection
  • Browser Isolation

The establishing of an outbound connection from the user's device using an outbound command and control channel to an adversary's infrastructure
Full control over the endpoint by the adversary

Privileged Remote Access supports which protocols? (Select 2) Options:

  • SSH
  • RDP
  • CIFS
  • HTTP/HTTPS

- ANS SSH, RDP

SSL inspection is important in order to see - ANS What's good and what's bad inside a connection, since most connections are encrypted, in order to understand if there is any malware coming in and/or if there's any sensitive data leaking out.

SSPM (SaaS Security Posture Management) enables organizations to find which of the following: - ANS Cloud misconfigurations and compliance violations

The way to apply a consistent firewall policy for roaming users is to select the ________ location type in the "All Firewall Filtering Rule" settings. Options:

  • Bangalore
  • Global
  • Road Warrior
  • It's more complicated than this - you need to configure SCIM, and one of the SCIM attributes needs to be able to do a dynamic geo-IP lookup to determine if a user is on the road or not

- ANS Road Warrior

The ZDX Web Probe provides which of the following metrics? Options:

  1. GET Codes, TCP Sliding Window, Page Errors, and Availability
  2. Page Fetch Time, DNS Time, Server Response Time, and Availability
  3. TCP Connect time, HTTP Response Codes, and Page Load Times
  4. Browser Load Times is the main metric

- ANS Page Fetch Time, DNS Time, Server Response Time, and Availability

The Zero Trust Exchange, Zscaler's inline security platform, is powered by data centers that sit in how many locations? - ANS Over 150 data centers globally

TLS Inspection provides what functionality? (Select 3) Options:

  • Validation of certificate and issuer
  • Ability to decrypt and scan encrypted content
  • Policy for which traffic should be inspected
  • Harvests session keys from Zscaler Client Connector for decryption of payload

  • the network

- ANS The network

To protect sensitive data, organizations must inspect the content inline with data classification capabilities such as predefined dictionaries, custom dictionaries, etc. (True or False) - ANS TRUE

Traditional access control powered by legacy on-prem firewalls is zone-based and provides network-to-network access; why is this ineffective? Options:

  • Zones inherently are built for rigorous micro-segmentation at a hostname or even a process-to-process level
  • Network-to-network access allows for lateral propagation, which increases the attack surface in the event of a compromise
  • Linux and IoT devices are incompatible with zones
  • It is not possible to set up Layer 7 application rules for different zones, including a demilitarized zone (DMZ)

- ANS Network-to-network access allows for lateral propagation, which increases the attack surface in the event of a compromise

What address translation options are available in the Firewall policy? (Select 3) Options:

  • Destination Port Translation
  • Source IP Translation to static IP
  • Destination IP Translation to static IP
  • Source Port Translation
  • Destination IP Translation to FQDN

- ANS Destination Port Translation, Destination IP Translation to static IP, Destination IP Translation to FQDN

What admin notification methods are available for DLP and CASB incidents? - ANS Email notification as well as SecureICA protocol for incident management and log stream into the SIEM.

What are exploit kits? - ANS Malicious code that exploits vulnerabilities in browsers.

What are features of Digital Experience? - ANS Endpoint Monitoring, Network Monitoring, Application Monitoring, UCaaS Monitoring

What are features of the Access Control Services Suite? - ANS DNS, Firewall, URL/Web Filtering, App Segmentation, Micro-Segmentation, Tenant Restrictions, Bandwidth QoS, Private App Access, Adaptive Access

What are features of the Connectivity Services Suite? - ANS Browser Access, Client Connector, Branch Connector, Cloud Connector, SD-WAN/Any Router

What are features of the Platform Services Suite? - ANS TLS Decryption, Policy Framework, Incident Response/Workflow, Discovery, Device Posture, Reporting/Logging, Risk Score, Analytics/UEBA, AI/ML, Private Service Edge

What are the two probe types that are configured while configuring an application in the ZDX Administrator portal? Options:

  • HTML and Network Probes
  • MTR and HTTP POST Probes
  • Web Probe and Cloudpath Probes
  • Traceroute Probe and Network Auth Probes

- ANS Web Probe and Cloudpath Probes

What aspects of the user experience does ZDX monitor? - ANS Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration

What benefits does a Zscaler Tunnel have over other forwarding mechanisms for Zscaler Client Connector? Options:

  • Tunnels are the only mechanism to install ZCC
  • Tunnels enable only HTTP and HTTPS traffic to be forwarded by ZCC
  • Tunnels enable Zscaler to control the end user device
  • Tunnels encapsulate traffic and authenticate to the Zero Trust Exchange

- ANS Tunnels encapsulate traffic and authenticate to the Zero Trust Exchange

What component of SAML authentication is the Identity Provider (IdP)? - ANS IdP examples include: Okta, Ping, AD FS, Azure AD

What component of SAML authentication is the Service Provider (SP)? - ANS Zscaler acts as a SAML SP

What conditions exist for Trusted Network Detection? Options:

  • Hostname Resolution, Network Adaptor IP, Default Gateway
  • Hostname Resolution, DNS Servers, Geo Location
  • DNS Search Domain, DNS Server, Hostname Resolution
  • DNS Servers, DNS Search Domain, Network Adaptor IP

- ANS DNS Search Domain, DNS Server, Hostname Resolution

What connection methods are used for Zscaler browser access? - ANS SSL is always used for the outside connection, whereas HTTP or HTTPS may be used internally.

What does a forwarding profile PAC do? - ANS Steers traffic toward or away from the Client Connector

What does Advanced Threat Protection do? - ANS It is part of Zscaler's Secure Web Gateway portfolio within ZIA. It protects users going out to the internet against common attacks such as phishing.

What features of the Zero Trust Exchange reduce attack surface? - ANS Privileged Remote Access, Private Access to applications

What features of the Zero Trust Exchange stop initial compromise? - ANS Secure Web Gateway, Advanced Threat Prevention, Cloud Sandbox, Cloud Firewall/IPS, Browser Isolation

What features of the Zero Trust Exchange stop lateral movement? - ANS Deception Policy Segmentation with ZPA

What features of the Zero Trust Exchange will prevent data loss? - ANS Cloud Sandbox, Secure Web Gateway, Browser Isolation, DLP (At rest and in motion)

What functionality does SCIM provide? - ANS It supports the addition, deletion, and updating of users as well as the ability to apply policy based on SCIM user or group attributes.

What is a DLP dictionary? - ANS Algorithms that detect specific kinds of information in traffic. Can trigger on EDM.

What is a patient 0 alert? - ANS Occurs when a user downloads an unknown file that is scanned and found to be malicious. This will generate if the first-time action of a Sandbox rule allows users to download files that match the rule criteria and sends the files to the Sandbox for behavioral analysis.

What is a possible data exfiltration channel? - ANS Cloud based personal email, file sharing, and collaboration tools

What is a spear phishing attack? - ANS A type of attack in which malicious files or attachments can be used in an email, luring the user to open it

What is a watering hole attack? - ANS When a commonly known website has malicious content like malicious JavaScript running on it.

What is an Application Segment? (Select 3) Options:

  • A mechanism to append DNS Suffixes to short names
  • A list of FQDNs or IP Addresses
  • A list of TCP or UDP Ports
  • A wildcard domain
  • Segments define the network subnets applications exist on

- ANS A list of FQDNs or IP Addresses