Download Exam question for zscaler and more Exams Computer science in PDF only on Docsity!
You did not pass the test. Select exams have 3 attempts. If you do not see a Take Again button, reach out to [email protected] for assistance. Your score: 26 of 36 Correct (72%) 80% (at least 29 of 36) needed to pass Elapsed time: 19 minutes 36 of 36 questions answered What are two examples of Phase 3: Advanced Controls? (Select 2) Forwarding Methods & Control URL & Application Control Cloud Browser Isolation Bandwidth Control How long does Zscaler Internet Access retain customer’s data in the Zscaler Cloud Platform? 6 months 3 months 1 month 9 months
To fetch all the roles with specific permissions we can use the API Endpoint GET /adminRoles/lite GET /users GET /webDlpRules POST /dlpNotificationTemplates Timeout Policies are applied to which resource types? (Select 2) Application Segment Segment Group Servers Server Groups Connector Groups ZPA diagnostics for a user transaction shows SE: Timeout policy blocked access. Which action would most likely solve this issue? Ensure that the App Connector is able to reach the ZPA Public Service Edge Update the policy to allow the user Enable the App Segment and App Group Segment Have the user re-authenticate in Zscaler Client Connector What is the default Client Forwarding Behavior? Forward ALL confugured applications Forward only allowed applications
Which amongst the following are the phases in the Zscaler Digital Experience deployment methodology? Initiation and Prerequisites Application discovery Configuration and Roll-out All of the above What are the two (2) types of NSS feeds available? NSS for Threats NSS for Web NSS for Sandbox NSS for Firewall In Risk360 under Configuration Risk Report (Analytics > Configuration Risk Report) section displays the organization’s configuration risk score and further breaks down the score contributed from multiple categories including
Web Based Threat File Based Threat Network Based Threats Uninspected Encrypted Traffic What type of web traffic does Cloud Browser Isolation (CBI) help manage? Decrypted High-RIsh Encrypted Cached Cloud Browser Isolation is a valuable tool for securing encrypted web traffic, especially when full SSL/TLS inspection is not feasible or practical. It works by isolating the user's browser session in a remote, secure environment, preventing malicious content from interacting directly with the user's device. This helps mitigate risks from malware, ransomware, and zero-day vulnerabilities, even if the encrypted traffic is not fully inspected. What is the recommended method for handling SSL certificate pinning? Install Zscaler certificate on server Use Zscaler Private Access tunnel Exempt application from SSL Inspection Install Zscaler certificate on client
An entry in the Web Analytics logs shows that a user accessing a URL has a Policy Action value of Allowed, when the configured policies should have blocked them. Which other field in the web log should you check to troubleshoot why this access is not being blocked? Blocked Policy Type Zscaler Client Connector Tunnel Version Data Center SSL Inspected Which amongst the provisioning methods supported by Zscaler? SCIM Hosted User Database Identity Federation Using SAML All the Above Which of the following are recommended Advanced URL Policy Settings? (Select 2) Enable Newly Registered Domain Lookup Enable CIPA Compliance Enforce SafeSearch Enable Identity-based Block Override Enable AI/ML based Content Categorization
Which policy type is equivalent to PAC files in ZPA? Client Forwarding Policy Timeout Policy Access Policy Isolation Policy An organization wants to quickly deploy Zscaler following an incident.They do not want to spend time distributing software clients to all employee machines. Per company policy, all employee traffic must go through the company datacenter. Off site employees will use VPN technology to connect to the corporate network for inspection. What forwarding method would you recommend? Deploy Zscaler Client Connector to all devices and use VPN to route it all back to the datacenter Deploy Zscaler Client Connector to all mobile devices and use GRE or IPSEC tunnels for all users that are onsite Deploy GRE or IPSEC tunnels from the central location and forward all traffic, including VPN, through the tunnels Deploy PAC files to all users What is recommended for URL filtering policy optimization? (Select 2) Cascading Whitelisting Restrciting Blocking
Forward all authenticated employee traffic through the Zscaler Client Connector and all other traffic using GRE tunnels Forward all traffic using GRE tunnels Deploy redundant firewalls and forward traffic with IPSEC tunneling to multiple Zscaler datacenters Deploy Zscaler Client Connector to all devices Connection Status in the ZPA admin portal for an App Connector shows Disconnected. What would be the most useful troubleshooting step? Check if the App Connector is on the same network as the Application Server Check if the configuration graph for the Application Segment shows a connection to the correct App Connector Group Run sudo zpa-connector troubleshoot connection on the App Connector to check for connectivity errors Run sudo systemctl status zpa-connector on the App Connector and check for enrollment errors The error description "Method not allowed. This error is returned when the request method is not supported by the target resource" coresponds to error Code 405 404 200 402 What are three common types of ZIA deployments? (Select 3) Rapid deployment in response to an event
Branch firewall connectivity to Internet Deployment and migration from a current solution Zero Trust Network Access to private applications New deployment with no existing solution In which phase Design Workshops are executed? Initiate Plan Configure Transition What is an essential step in operationalizing DLP rules? Visibility Backup Authentication Encyrption
When are client forwarding decisions made? Before Access Policies After Access Policies When the user logs into Zscaler Client Connector Continuously What are the 3 recommended deployment steps for SSL Inspection? (Select 3)
What does Error Code 415 indicates? Unexpected error Unsupported media type Service is temporarily unavailable Resource does not exist When are client forwarding decisions made? Before Access Policies After Access Policies When the user logs into Zscaler Client Connector Continuously What are three common types of ZIA deployments? (Select 3) Rapid deployment in response to an event Branch firewall connectivity to Internet Deployment and migration from a current solution Zero Trust Network Access to private applications New deployment with no existing solution Which is the Zscaler recommended Authentication method? SAML SCIM DIrectory Server Authentication Bridge
Which policy type is equivalent to PAC files in ZPA?
Client Forwarding Policy
Timeout Policy
Access Policy
Isolation Policy
What are three types of policies within the Global Controls configuration phase? (Select 3) SSL Inspection Malware Protection Data-Leak Prevention URL & Cloud Application Control SAM Which amongst the following are the phases in the Zscaler Digital Experience deployment methodology? Initiation and Prerequisites Application discovery Configuration and Roll-out All of the above Connection Status in the ZPA admin portal for an App Connector shows Disconnected. What would be the most useful troubleshooting step? Check if the App Connector is on the same network as the Application Server Check if the configuration graph for the Application Segment shows a connection to the correct App Connector Group
Roll the SSL Inspection to CXO staff only How long does Zscaler Internet Access retain customer’s data in the Zscaler Cloud Platform? 6 months 3 months 1 month 9 months What type of web traffic does Cloud Browser Isolation (CBI) help manage? Decrypted High-RIsh Encrypted Cached What are the two (2) types of NSS feeds available? NSS for Threats NSS for Web NSS for Sandbox NSS for Firewall Which of the following applications are not suited for ZPA? (Select 3) VoIP RDP Internal DNS Server-to-Client communications SSH
An entry in the Web Analytics logs shows that a user accessing a URL has a Policy Action value of Allowed, when the configured policies should have blocked them. Which other field in the web log should you check to troubleshoot why this access is not being blocked? Blocked Policy Type Zscaler Client Connector Tunnel Version Data Center SSL Inspected An organization wants to quickly deploy Zscaler following an incident.They do not want to spend time distributing software clients to all employee machines. Per company policy, all employee traffic must go through the company datacenter. Off site employees will use VPN technology to connect to the corporate network for inspection. What forwarding method would you recommend? Deploy Zscaler Client Connector to all devices and use VPN to route it all back to the datacenter Deploy Zscaler Client Connector to all mobile devices and use GRE or IPSEC tunnels for all users that are onsite Deploy GRE or IPSEC tunnels from the central location and forward all traffic, including VPN, through the tunnels Deploy PAC files to all users Web analytics log entries are shown below for a user who was blocked trying to access Spotify. Users are permitted to access Spotify, but no other music streaming sites. Which would be the best policy adjustment to allow users access to Spotify? Add open.scdn.com to the Safemarch Permitted Allowlist URL category. Change the SSL policy to inspect spotify.com
