Download ZDTE Study Guide || with Certified Answers. and more Exams Computer Engineering and Programming in PDF only on Docsity!
ZDTE Study Guide || with Certified Answers.
Whats a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? correct answers Provide secure communication between different network segments What are the challenges of extending legacy network and security to the public cloud? correct answers Creating VPCs and VNETs add overhead. Increases attach surface. What are the use cases for ZT Cloud? correct answers Workload to internet, intracloud, multi- cloud, hybrid? What is the purpose of a GRE tunnel in the ZTE? correct answers To load balance traffic properly What two items most accurately describe ZT connectors? correct answers 1. Access is granted but never shared at the network layer
- Independent of anyh network for control or trust Main advantage of using an SD-WAN vendor to connect ot Zscaler over tranditional routers? correct answers One-click configuration of the connection. What prevents unauthorized SD-WAN router connections to the Zscaler service? correct answers The partner key Which tunnel types does Zscaler support between a router and a Zscaler data center? correct answers GRE & IPSEC T/F - GRE Tunnels should always be deployed in pairs for redundancy? correct answers True Private Service Edge - what's the workflow? correct answers 1. User Connects to PSE
- PSE --> Express Route or VPN to ZPA CC or DC Connector
- Connector to ZS. cloud to validate Private Service Edge - how to configure? correct answers 1. Inbound 443, Unique IP, CC needs to comm with PSE IP and app conn
- CC makes decision on what is closest based on client.
- Create intermediate CA under enrollment derts,
- Create a SE group per location
- Get provisioning key and load on PSE
- Host finger print and private keys encrypted
- Service end validates app and client keys through PKI trust Virtual Service Edge - What is supported? correct answers ZIA: ESXi, VMW on AWS, Azure, GCP ZPA: ESXi, HyperV, AWS, Azure, GCP VSE - what performance to expect on SSL inspection correct answers 600MB/sec VSE - what's the routing config? correct answers EM0 = Mgmt EM1 = Proxy EM2 = Load Balancer IP What are the reporting options for service edges? correct answers Interactive, executive, forensic, historical sandbox, patrient Zero, threat insights What is the purpose of the logging architecture in the ZTE? correct answers Analyze user activity and perform analytics for future policy decisions
How can an organization configure Source IP anchoring in Zscaler? correct answers By enabling the Source IP anchor flag in ZPA admin portal What is the role of Nanolog Streaming Service (NSS) in log streaming for Zscaler Internet Access? correct answers It creates outbound connections to the log infrastructure for log streaming What are the benefits of Cloud-to-Cloud Log Streaming? correct answers Increased reliability and scalability due to cloud-native traffic flow What is the main function of ZPA Private Service Edge? correct answers Managing connections between Zscaler Client Connector and App Connectors Source IP Anchoring provides what functionalities? (Select three) correct answers 1. Policy based forwarding through the App Connector
- Content scanned by the Zero Trust Exchange
- Public IP of the App Connector Why would you deploy a ZPA Private Service Edge? (Select three) correct answers 1. Disaster Recovery
- Consistent User Experience
- Prevent Lateral Movement on a trusted campus network Why would you deploy a ZIA Private Service Edge? (Select three) correct answers 1. Geo- Localization
- Source IP address Preservation
- High Bandwidth Sites ZIA Private Service Edge is available in which form factors? correct answers Physical and Virtual
What is one benefit of integrating ZDX into Servicenow? correct answers Streamlined process and improved efficiency ZDX - What type of data does device inventory provide? correct answers Current info about org devices and users ZDX Admin access levels? correct answers Full, View Only, Custom, None Which metric is the most significant in computing a ZDX Score? correct answers PFT Which action is not a response to an alert trigger in ZDX? correct answers Automatic system shutdown What does software reliability feature help identify? correct answers Problems with software and apps What is one benefit of conducting a deep tracing session? correct answers It helps pinpointing the root causes of problems. What is the purpose of the Smooth ZDX score? correct answers Reduce noise and variance What criteria can be used to define alert rules in ZDX? correct answers DNS, PFT, etc ZDX Co-pilot purpose correct answers ZDX Copilot uses advanced AI and ML to enhance digital experiences by providing proactive insights and recommendations
How does Zscaler Hosted Monitoring support business growth? correct answers By providing reliable performance data for new applications or regional expansions What is one of the key features of Data Explorer that allows users to handle data effortlessly for creating customized reports? correct answers Data manipulation On the ZDX Dashboard, where can you go to get an overview of global or regional issues that may be occurring with users accessing a selected application? correct answers Cloud Path Graph??? [Think I got this wrong] What are the benefits of running a Deep Tracing Session? (Select 2) correct answers 1. Web Probe and Cloud Path Probe metrics are collected every minute
- You can see process-level information for a user In the Users Dashboard, where can you go to view the path from the user's device to the application in order to drill down on details such as Latency, Packet Loss, or Hop Count? correct answers Hop View in the Cloud Path section ZDX dependencies for internal apps? correct answers Before you configure internal applications, confirm that your organization's deployed Client Connectors and App Connectors meet the system requirements. Zscaler Client Connector version 3.6.1 for Windows and App Connector 21.224.1 are required for this ZPA support. What permissions are required to config Teams call quality monitoring? correct answers Admin to auth O365 + accept permissions for accessing user and call record data via MSFT Graph API What does cloud path probe do? correct answers Cloud Path Probe - helps ID which hop caused highest latency from user to app How to initiate deep tracing? correct answers Deep Tracing
Initiate through (1) Deep Tracing in admin menu, (2) Shortcut on user overview, (3) User details page ZDX - What Alert Types can be Configured? correct answers App, Device, Network ZDX - Recommended best practice when configuring probes for internal apps. correct answers Only select user groups, departments, and locations that actually use the app. What metrics are collected by the Web Probe (4): correct answers Page Fetch Time, DNS time, Server Response Time, Availability What configuration items are included with a predefined application? correct answers Cloud Path Probe and Web Probe What level of privileges is required to authenticate a ZDX tenant with MSFT Graph API? correct answers User and call record What aspects of the user experience does ZDX monitor? correct answers Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration What are the two probe types that are configured while configuring an application in the ZDX Administrator portal? correct answers Web Probe and Cloudpath Probes The ZDX Web Probe provides which of the following metrics? correct answers Page Fetch Time, DNS Time, Server Response Time, and Availability Which of the following statements are correct regarding Call Quality Monitoring? correct answers ZDX supports call quality monitoring for both Zoom and Teams
Deception: What is a quick way to stop threats right at the DNS level itself? correct answers Always block some of the Advanced Security URL categories that ZS offers in a DNS filtering rule What are the benefits of DNS control? correct answers Fasted front door cloud-effect unresolved queiries detailed logging granular security Cloud firewall Predefined apps: correct answers Youtube, Google, MSFT, AWS, Slack, Dropbox, Webex, Zoho, GCP, IBM smartcloud Cloud FW: What is an example of the granular policies for tenant restriction? correct answers Grant access to gmail app but deny uploading any files to it to contractors Cloud FW: What are the two versions of tenant restriction? V1 and V2 correct answers The difference between these two is in version one, you have to give just the information about the tenant directory ID, tenant profile name, which are oftentimes available in the Microsoft 365 admin console. And once you give that, you are basically restricting that particular third party or contractor to only access their tenants. They cannot access your parent organization tenants. So that's what version one does. In version two, things are much more advanced. Microsoft has done some additional capabilities around tenancies where you not only define whether the third party can access their tenant or not. CFW: Select the options that are relevant to Zscaler's Intusion Prevention System capability (Select two) correct answers (1) Core security capabilities (2) IPS info also leveraged in individual risk
WHich type of segmentation allows us to uniquely identify each application or process and automate least privileged models for workload communications? correct answers User to application segmentation. What are the three bits of info you require to begin configuring Private app access? correct answers (1) Where hosted, (2) What is the app, (3) Who should have access? Using Zscaler's cloud app control policy, is it possible to define a rule for instant messaging apps that allows chatting, but blocks file transfers? correct answers YES How many key engines does the Zscaler Firewall Module have? correct answers FOUR State whether the following statement is true or false: At a minimum, it's required that you deploy two app connectors to provide a degree of fault tolerance as this allows for failover, resiliency, such as when performing upgrades to the app connectors. correct answers TRUE What is the purpose of the DPI engine in the Firewall Module? correct answers The DPI engine helps to identify threats and block ports [NOT RIGHT?] What is the name of the new location type that Zscaler has introduced to support work from anywhere workforce? correct answers Road Warrior Zscaler offers centralized visibility of all the end users' traffic, irrespective of location, device, and the destination they're trying to reach. correct answers True State whether the following statement is true or false: Zscaler DNS resolvers are built upon an open source DNS servers technology component for faster resolution. correct answers True How does Zscaler implement DNS to optimize the path to internet applications? correct answers Zscaler's built-in DNS resolvers at 150 data centers globally, which intercept DNS requests and
What is a yara rule? Really? We are asking this in adv? correct answers A Yara rule is an open- source tool used by malware researchers to define specific patterns within a file, allowing them to identify and attribute malware samples What happens in the post processing stage? correct answers Threat DB is updated to deliver immediate cloud effect and policy enforcement rules. AI-Driven Quarantine Effect of Cloud Sandbox: correct answers An AI-driven malware prevention engine intelligently identifies, quarantines, and prevents unknown or suspicious threats inline using advanced AI/ML without rescanning benign files. What is Command and Control technique? correct answers A technique used by attackers to communicate with compromised devices over a network. What does Votiro mean? correct answers A Content Disarm and Reconstruction (CDR) services which ensures the sanitization of files What does Zscaler Cloud Sandbox do? correct answers Automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files Which of the following techniques is capable of detecting bad packets and taking an action? correct answers Advanced Threat Protection (ATP) Seek out potential threats with powerful detection capabilities, delivered globally from the Zero Trust Exchange platform correct answers IPS What does the Miragemaker module do? correct answers The Miragemaker module in Zscaler Deception allows you to configure and manage various ready-to-use resources that are typically used to build and deploy different types of decoys.
Which of the following Zscaler's capabilities allows users to gain instant access to the content of potential zero day productivity files? correct answers Browser Isolation Safe Document Rendering Within Zscaler Zero Trust Exchange architecture, which of the following services is comparable with a Web Application Firewall (WAF)? correct answers Private App Protection Which of the following technologies allows you to define criteria for selecting specific web traffic and apply an isolation profile to ensure secure browsing? correct answers Contextual aware Protection Customers can bring their own custom signatures to create custom IPS rules as a part of Zscaler's cloud firewall functionality. correct answers TRUE Why is it important to use IPS to look at traffic on non-standard ports? correct answers It is common for attackers to sometimes use non-standard ports for well known applications - e.g. running a web server on port 8999 How does Zscaler protect against unknown malicious files? correct answers With Cloud Sandbox, ZIA can detonate unknown files in an isolated environment and then use dynamic analyses to mark the file as malicious What technology can help in protecting users from websites running never seen before malicious javascript? correct answers Browser Isolation can be used to safely render websites through a pixelated stream eliminating any malicious javascript from executing What is the "Cloud Effect" as it pertains to Cloud Sandbox? correct answers The MD5 hash of a file deemed malicious from Sandbox or threat feeds is uploaded to the cloud so that at any time any customer sees the same file, it will be blocked
(3) When the Exchange server receives inspected email from the Zscaler smart host, it uses those headers to determine enforcement actions DP :What is parallel processing? correct answers Even when there is a match, we will continue to go down to the policy engine and be able to execute all the policies before we stop. DP at REST: WHat are the two focus areas of protecting data at rest? correct answers (1) how to prevent data loss. (2) How to protect against known and unknown threats? DP: What is the first step in the process of data at rest scanning? correct answers Ultize the same DLP policies you built for inline and identify those assets in the cloud. DP : What action does Zscaler take when it identifies an unknown content? correct answers Completely unknown assets are sandboxed and wait for a verdict from our cloud sandbox and trigger remediation actions DP: What action does Zscaler take when it identifies malicious content? correct answers Triggers quarantine DP: While protecting against malware, what action will Zscaler take if an external colloborator injected a PDF that happens to be a known malware? correct answers Zscaler will identify that the PDF has malicious content and will trigger quarantine action. DP: As part of protection against malware, what action will Zscaler take when it finds an asset that is completely unknown? correct answers Zscaler will sandbox the unknown content, wait for the verdict from the cloud sandbox and accordingly trigger a remediation action. DP: State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. correct answers FALSE
When you do data loss prevention (DLP) for your data at rest scanning, why do we utilize the same DLP policies that you have built for your in-line data protection? correct answers We utilize those DLP policies to identify, analyze, and resolve misconfigurations.[oddly worded I think I got this wrong] What is Workflow Automation? correct answers It is a capability that allows organizations to automate Incident Management in order to remediate data protection incidents State whether the following statement is true or false: In case of on -prem incident receiver, you can setup a VM and deploy it to archive all the DLP violations correct answers FALSE... maybe State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. correct answers TRUE IDM (Indexed Document Match) allows organizations to do which of the following? correct answers Protect their unstructured data, e.g. files such as PDFs or other word documents How can sensitive data be effectively protected from BYOD? correct answers By using Browser Isolation Which DLP tool allows administrators to see how risky an application is? correct answers Risk Score How does Browser Isolation function? correct answers By isolating the browser from the actual content and sending a pixel stream (image) of the content rather than the actual content What is the main benefit of DLP Parallel Processing? correct answers Provides extreme flexibility and granularity of DLP policy by not stopping processing at the first policy match
