Download ZDTE Study Guide – Complete Version with Verified Answers. and more Exams Computer Science in PDF only on Docsity!
with Verified Answers.
What do we perform during the cloud effect stage of the cloud sandbox workload? - Correct Answer: Check MD5 hash of the file vs. blacklists from threat feeds and other observed samples in the cloud, What is a yara rule? Really? We are asking this in adv? - Correct Answer: A Yara rule is an open-source tool used by malware researchers to define specific patterns within a file, allowing them to identify and attribute malware samples What happens in the post processing stage? - Correct Answer: Threat DB is updated to deliver immediate cloud effect and policy enforcement rules. AI-Driven Quarantine Effect of Cloud Sandbox: - Correct Answer: An AI-driven malware prevention engine intelligently identifies, quarantines, and prevents unknown or suspicious threats inline using advanced AI/ML without rescanning benign files. What is Command and Control technique? - Correct Answer: A technique used by attackers to communicate with compromised devices over a network. What does Votiro mean? - Correct Answer: A Content Disarm and Reconstruction (CDR) services which ensures the sanitization of files What does Zscaler Cloud Sandbox do? - Correct Answer: Automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files Which of the following techniques is capable of detecting bad packets and taking an action? - Correct Answer: Advanced Threat Protection (ATP) Seek out potential threats with powerful detection capabilities, delivered globally from the Zero Trust Exchange platform - Correct Answer: IPS
with Verified Answers.
What does the Miragemaker module do? - Correct Answer: The Miragemaker module in Zscaler Deception allows you to configure and manage various ready-to-use resources that are typically used to build and deploy different types of decoys. Which of the following Zscaler's capabilities allows users to gain instant access to the content of potential zero day productivity files? - Correct Answer: Browser Isolation Safe Document Rendering Within Zscaler Zero Trust Exchange architecture, which of the following services is comparable with a Web Application Firewall (WAF)? - Correct Answer: Private App Protection Which of the following technologies allows you to define criteria for selecting specific web traffic and apply an isolation profile to ensure secure browsing? - Correct Answer: Contextual aware Protection Customers can bring their own custom signatures to create custom IPS rules as a part of Zscaler's cloud firewall functionality. - Correct Answer: TRUE Why is it important to use IPS to look at traffic on non-standard ports? - Correct Answer: It is common for attackers to sometimes use non-standard ports for well known applications - e.g. running a web server on port 8999 How does Zscaler protect against unknown malicious files? - Correct Answer: With Cloud Sandbox, ZIA can detonate unknown files in an isolated environment and then use dynamic analyses to mark the file as malicious What technology can help in protecting users from websites running never seen before malicious javascript? - Correct Answer: Browser Isolation can be used to safely render websites through a pixelated stream eliminating any malicious javascript from executing
with Verified Answers.
Select options that are true regarding Zscaler Outbound Email DLP (Select three). - Correct Answer: (1) Using outbound and inbound connectors, as well as mail flow rules, the Exchange server sends email to, and receives email from, the Zscaler smart host. (2) The Zscaler smart host receives the email and sends it to the Zscaler DLP service for inspection. The Zscaler DLP service then inspects the email content for sensitive data, adding headers that define DLP actions to emails that trigger outbound email policy. (3) When the Exchange server receives inspected email from the Zscaler smart host, it uses those headers to determine enforcement actions DP :What is parallel processing? - Correct Answer: Even when there is a match, we will continue to go down to the policy engine and be able to execute all the policies before we stop. DP at REST: WHat are the two focus areas of protecting data at rest? - Correct Answer: (1) how to prevent data loss. (2) How to protect against known and unknown threats? DP: What is the first step in the process of data at rest scanning? - Correct Answer: Ultize the same DLP policies you built for inline and identify those assets in the cloud. DP : What action does Zscaler take when it identifies an unknown content? - Correct Answer: Completely unknown assets are sandboxed and wait for a verdict from our cloud sandbox and trigger remediation actions DP: What action does Zscaler take when it identifies malicious content? - Correct Answer: Triggers quarantine DP: While protecting against malware, what action will Zscaler take if an external colloborator injected a PDF that happens to be a known malware? - Correct Answer: Zscaler will identify that the PDF has malicious content and will trigger quarantine action.
with Verified Answers.
DP: As part of protection against malware, what action will Zscaler take when it finds an asset that is completely unknown? - Correct Answer: Zscaler will sandbox the unknown content, wait for the verdict from the cloud sandbox and accordingly trigger a remediation action. DP: State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - Correct Answer: FALSE When you do data loss prevention (DLP) for your data at rest scanning, why do we utilize the same DLP policies that you have built for your in-line data protection? - Correct Answer: We utilize those DLP policies to identify, analyze, and resolve misconfigurations.[oddly worded I think I got this wrong] What is Workflow Automation? - Correct Answer: It is a capability that allows organizations to automate Incident Management in order to remediate data protection incidents State whether the following statement is true or false: In case of on - prem incident receiver, you can setup a VM and deploy it to archive all the DLP violations - Correct Answer: FALSE... maybe State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - Correct Answer: TRUE IDM (Indexed Document Match) allows organizations to do which of the following? - Correct Answer: Protect their unstructured data, e.g. files such as PDFs or other word documents
with Verified Answers.
Main advantage of using an SD-WAN vendor to connect ot Zscaler over tranditional routers? - Correct Answer: One-click configuration of the connection. What prevents unauthorized SD-WAN router connections to the Zscaler service? - Correct Answer: The partner key Which tunnel types does Zscaler support between a router and a Zscaler data center? - Correct Answer: GRE & IPSEC T/F - GRE Tunnels should always be deployed in pairs for redundancy? - Correct Answer: True Private Service Edge - what's the workflow? - Correct Answer: 1. User Connects to PSE
- PSE --> Express Route or VPN to ZPA CC or DC Connector
- Connector to ZS. cloud to validate Private Service Edge - how to configure? - Correct Answer: 1. Inbound 443, Unique IP, CC needs to comm with PSE IP and app conn
- CC makes decision on what is closest based on client.
- Create intermediate CA under enrollment derts,
- Create a SE group per location
- Get provisioning key and load on PSE
- Host finger print and private keys encrypted
- Service end validates app and client keys through PKI trust Virtual Service Edge - What is supported? - Correct Answer: ZIA: ESXi, VMW on AWS, Azure, GCP
with Verified Answers.
ZPA: ESXi, HyperV, AWS, Azure, GCP VSE - what performance to expect on SSL inspection - Correct Answer: 600MB/sec VSE - what's the routing config? - Correct Answer: EM0 = Mgmt EM1 = Proxy EM2 = Load Balancer IP What are the reporting options for service edges? - Correct Answer: Interactive, executive, forensic, historical sandbox, patrient Zero, threat insights What is the purpose of the logging architecture in the ZTE? - Correct Answer: Analyze user activity and perform analytics for future policy decisions Use cases for traffic forwarding (source IP anchoring) - Correct Answer: 1. Apps that restict client IP
- Set up auth (O365)
- Geo-located based on source IP
- Provided by app connector on PSE
- ZIA apps requiring a known source How to configure source IP anchoring - Correct Answer: 1. Create app seg and enable source IP anchor
- Define Service Group, Connector Group
- Create fwd policy
- In ZIA add gateway rule for app segment
with Verified Answers.
- Content scanned by the Zero Trust Exchange
- Public IP of the App Connector Why would you deploy a ZPA Private Service Edge? (Select three) - Correct Answer:
- Disaster Recovery
- Consistent User Experience
- Prevent Lateral Movement on a trusted campus network Why would you deploy a ZIA Private Service Edge? (Select three) - Correct Answer:
- Geo-Localization
- Source IP address Preservation
- High Bandwidth Sites ZIA Private Service Edge is available in which form factors? - Correct Answer: Physical and Virtual What is one benefit of integrating ZDX into Servicenow? - Correct Answer: Streamlined process and improved efficiency ZDX - What type of data does device inventory provide? - Correct Answer: Current info about org devices and users ZDX Admin access levels? - Correct Answer: Full, View Only, Custom, None Which metric is the most significant in computing a ZDX Score? - Correct Answer: PFT Which action is not a response to an alert trigger in ZDX? - Correct Answer: Automatic system shutdown
with Verified Answers.
What does software reliability feature help identify? - Correct Answer: Problems with software and apps What is one benefit of conducting a deep tracing session? - Correct Answer: It helps pinpointing the root causes of problems. What is the purpose of the Smooth ZDX score? - Correct Answer: Reduce noise and variance What criteria can be used to define alert rules in ZDX? - Correct Answer: DNS, PFT, etc ZDX Co-pilot purpose - Correct Answer: ZDX Copilot uses advanced AI and ML to enhance digital experiences by providing proactive insights and recommendations ZDX Data Explorer what does it do? - Correct Answer: build and organize customized application views. Allows engineers to troubleshoot issues by comparing similar services, and managers to analyze trends What is ZDX Hosted Monitoring: - Correct Answer: enhanced website performance, sla compliance, expansion plans. Hosted probes enable monitoring from apps in different vantage points. To configure cloud path probe, config wizard to define probe details (Name, protocol - ICMP TCP, packet count, hop count, timeout values, dest address). What does call quality monitoring allow for? - Correct Answer: Call Quality: can monitor one to one calls or meetings within two or more participants in a configured team tenant.Teams or Zoom
with Verified Answers.
What are the benefits of running a Deep Tracing Session? (Select 2) - Correct Answer:
- Web Probe and Cloud Path Probe metrics are collected every minute
- You can see process-level information for a user In the Users Dashboard, where can you go to view the path from the user's device to the application in order to drill down on details such as Latency, Packet Loss, or Hop Count? - Correct Answer: Hop View in the Cloud Path section ZDX dependencies for internal apps? - Correct Answer: Before you configure internal applications, confirm that your organization's deployed Client Connectors and App Connectors meet the system requirements. Zscaler Client Connector version 3.6.1 for Windows and App Connector 21.224.1 are required for this ZPA support. What permissions are required to config Teams call quality monitoring? - Correct Answer: Admin to auth O365 + accept permissions for accessing user and call record data via MSFT Graph API What does cloud path probe do? - Correct Answer: Cloud Path Probe - helps ID which hop caused highest latency from user to app How to initiate deep tracing? - Correct Answer: Deep Tracing Initiate through (1) Deep Tracing in admin menu, (2) Shortcut on user overview, (3) User details page ZDX - What Alert Types can be Configured? - Correct Answer: App, Device, Network ZDX - Recommended best practice when configuring probes for internal apps. - Correct Answer: Only select user groups, departments, and locations that actually use the app.
with Verified Answers.
What metrics are collected by the Web Probe (4): - Correct Answer: Page Fetch Time, DNS time, Server Response Time, Availability What configuration items are included with a predefined application? - Correct Answer: Cloud Path Probe and Web Probe What level of privileges is required to authenticate a ZDX tenant with MSFT Graph API? - Correct Answer: User and call record What aspects of the user experience does ZDX monitor? - Correct Answer: Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration What are the two probe types that are configured while configuring an application in the ZDX Administrator portal? - Correct Answer: Web Probe and Cloudpath Probes The ZDX Web Probe provides which of the following metrics? - Correct Answer: Page Fetch Time, DNS Time, Server Response Time, and Availability Which of the following statements are correct regarding Call Quality Monitoring? - Correct Answer: ZDX supports call quality monitoring for both Zoom and Teams To be able to monitor the Zoom or Teams call quality statistics using ZDX, which of the following requirements must be met? (Select two) - Correct Answer: (1) Zoom and Teams traffic can traverse via ZIA or directly without ZIA, (2) The Zoom and Teams tenants should be added under the Applications tab Call Quality Monitoring - what apps are supported? - Correct Answer: ZDX supports call quality monitoring for both Zoom and Teams
with Verified Answers.
granular security Cloud firewall Predefined apps: - Correct Answer: Youtube, Google, MSFT, AWS, Slack, Dropbox, Webex, Zoho, GCP, IBM smartcloud Cloud FW: What is an example of the granular policies for tenant restriction? - Correct Answer: Grant access to gmail app but deny uploading any files to it to contractors Cloud FW: What are the two versions of tenant restriction? V1 and V2 - Correct Answer: The difference between these two is in version one, you have to give just the information about the tenant directory ID, tenant profile name, which are oftentimes available in the Microsoft 365 admin console. And once you give that, you are basically restricting that particular third party or contractor to only access their tenants. They cannot access your parent organization tenants. So that's what version one does. In version two, things are much more advanced. Microsoft has done some additional capabilities around tenancies where you not only define whether the third party can access their tenant or not. CFW: Select the options that are relevant to Zscaler's Intusion Prevention System capability (Select two) - Correct Answer: (1) Core security capabilities (2) IPS info also leveraged in individual risk WHich type of segmentation allows us to uniquely identify each application or process and automate least privileged models for workload communications? - Correct Answer: User to application segmentation. What are the three bits of info you require to begin configuring Private app access? - Correct Answer: (1) Where hosted, (2) What is the app, (3) Who should have access?
with Verified Answers.
Using Zscaler's cloud app control policy, is it possible to define a rule for instant messaging apps that allows chatting, but blocks file transfers? - Correct Answer: YES How many key engines does the Zscaler Firewall Module have? - Correct Answer: FOUR State whether the following statement is true or false: At a minimum, it's required that you deploy two app connectors to provide a degree of fault tolerance as this allows for failover, resiliency, such as when performing upgrades to the app connectors. - Correct Answer: TRUE What is the purpose of the DPI engine in the Firewall Module? - Correct Answer: The DPI engine helps to identify threats and block ports [NOT RIGHT?] What is the name of the new location type that Zscaler has introduced to support work from anywhere workforce? - Correct Answer: Road Warrior Zscaler offers centralized visibility of all the end users' traffic, irrespective of location, device, and the destination they're trying to reach. - Correct Answer: True State whether the following statement is true or false: Zscaler DNS resolvers are built upon an open source DNS servers technology component for faster resolution. - Correct Answer: True How does Zscaler implement DNS to optimize the path to internet applications? - Correct Answer: Zscaler's built-in DNS resolvers at 150 data centers globally, which intercept DNS requests and provide recursive DNS resolution for identifying low-latency paths to the end destination or SaaS application
