ZDTE STUDYGUIDE EXAM (ACTUAL EXAM) WITH CORRECT ACTUAL QUESTIONS, Exams of Advanced Education

ZDTE STUDYGUIDE EXAM (ACTUAL EXAM) WITH CORRECT ACTUAL QUESTIONS AND CORRECTLY WELL DEFINED ANSWERS LATEST ALREADY GRADED A+ 2025 – 2026

Typology: Exams

2024/2025

Available from 06/19/2025

Tutornurse

DP: What is the first step in the process of data at rest scanning? - ANSWERS-Utilize the same DLP policies you built for inline and identify those assets in the cloud.

DP: What action does Zscaler take when it identifies an unknown content? - ANSWERS-Completely unknown assets are sandboxed and wait for a verdict from our cloud sandbox and trigger remediation actions

DP: What action does Zscaler take when it identifies malicious content? - ANSWERS-Triggers quarantine

DP: While protecting against malware, what action will Zscaler take if an external collaborator injected a PDF that happens to be a known malware? - ANSWERS-Zscaler will identify that the PDF has malicious content and will trigger quarantine action.

DP: As part of protection against malware, what action will Zscaler take when it finds an asset that is completely unknown? - ANSWERS-Zscaler will sandbox the unknown content, wait for the verdict from the cloud sandbox and accordingly trigger a remediation action.

DP: State whether the following statement is true or false: Incident Management is a policy that protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - ANSWERS-FALSE

When you do data loss prevention (DLP) for your data at rest scanning, why do we utilize the same DLP policies that you have built for your in-line data protection? - ANSWERS-We utilize those DLP policies to identify, analyze, and resolve misconfigurations. [oddly worded I think I got this wrong]

What is Workflow Automation? - ANSWERS-It is a capability that allows organizations to automate Incident Management in order to remediate data protection incidents

State whether the following statement is true or false: In case of on-prem incident receiver, you can set up a VM and deploy it to archive all the DLP violations - ANSWERS-FALSE... maybe

State whether the following statement is true or false: Incident Management is a policy that protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - ANSWERS-TRUE

Private Service Edge - what's the workflow? - ANSWERS-
  1. User Connects to PSE
  2. PSE --> Express Route or VPN to ZPA CC or DC Connector
  3. Connector to ZS cloud to validate

Use cases for traffic forwarding (source IP anchoring) - ANSWERS-
  1. Apps that restrict client IP
  2. Set up auth (O365)
  3. Geo-located based on source IP
  4. Provided by app connector on PSE
  5. ZIA apps requiring a known source

How to configure source IP anchoring - ANSWERS-
  1. Create app seg and enable source IP anchor
  2. Define Service Group, Connector Group
  3. Create fwd policy
  4. In ZIA add gateway rule for app segment

How does Zscaler reduce the amount of data passed in log transactions - ANSWERS-Compress and tokenize the log data

What are the two types of PSEs? - ANSWERS-ZPA PSE and ZIA PSE

What components are involved in traffic forwarding in the Source IP anchoring process? - ANSWERS-Zscaler Internet Access, Zscaler Private Access, Zscaler App Connector

Which of the following platforms can Zscaler Private Service Edge be deployed on? - ANSWERS-VMW, HyperV, AWS, Azure

What are the deployment options for a Physical Service Edge? (Select two) - ANSWERS-Single-arm, dual-arm

How can an organization configure Source IP anchoring in Zscaler? - ANSWERS-By enabling the Source IP anchor flag in ZPA admin portal

What is the role of Nanolog Streaming Service (NSS) in log streaming for Zscaler Internet Access? - ANSWERS-It creates outbound connections to the log infrastructure for log streaming

What are the benefits of Cloud-to-Cloud Log Streaming? - ANSWERS-Increased reliability and scalability due to cloud-native traffic flow

What is the main function of ZPA Private Service Edge? - ANSWERS-Managing connections between Zscaler Client Connector and App Connectors

Source IP Anchoring provides what functionalities? (Select three) - ANSWERS-
  1. Policy based forwarding through the App Connector
  2. Content scanned by the Zero Trust Exchange
  3. Public IP of the App Connector

Why would you deploy a ZPA Private Service Edge? (Select three) - ANSWERS-
  1. Disaster Recovery
  2. Consistent User Experience
  3. Prevent Lateral Movement on a trusted campus network

Why would you deploy a ZIA Private Service Edge? (Select three) - ANSWERS-
  1. Geo-Localization
  2. Source IP address Preservation

What criteria can be used to define alert rules in ZDX? - ANSWERS-DNS, PFT, etc

ZDX Co-pilot purpose - ANSWERS-ZDX Copilot uses advanced AI and ML to enhance digital experiences by providing proactive insights and recommendations

ZDX Data Explorer what does it do? - ANSWERS-Build and organize customized application views. Allows engineers to troubleshoot issues by comparing similar services, and managers to analyze trends

What is ZDX Hosted Monitoring: - ANSWERS-Enhanced website performance, SLA compliance, expansion plans. Hosted probes enable monitoring from apps in different vantage points. To configure cloud path probe, config wizard to define probe details (Name, protocol - ICMP TCP, packet count, hop count, timeout values, dest address).

What does call quality monitoring allow for? - ANSWERS-Call Quality: can monitor one to one calls or meetings within two or more participants in a configured team tenant. Teams or Zoom

What does ZDX command line do? - ANSWERS-Command Line view shows similar to tracert IP, direction, geo info, ISP names, regions, ZS locations, packet loss, failed, latency.

What's a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? - ANSWERS-Provide secure communication between different network segments

What are the challenges of extending legacy network and security to the public cloud? - ANSWERS-Creating VPCs and VNETs add overhead. Increases attack surface.

What are the use cases for ZT Cloud? - ANSWERS-Workload to internet, intracloud, multi-cloud, hybrid?

What is the purpose of a GRE tunnel in the ZTE? - ANSWERS-To load balance traffic properly

What two items most accurately describe ZT connectors? - ANSWERS-
  1. Access is granted but never shared at the network layer
  2. Independent of any network for control or trust

Main advantage of using an SD-WAN vendor to connect to Zscaler over traditional routers? - ANSWERS-One-click configuration of the connection.

What prevents unauthorized SD-WAN router connections to the Zscaler service? - ANSWERS-The partner key

Which tunnel types does Zscaler support between a router and a Zscaler data center? - ANSWERS-GRE & IPSEC

T/F - GRE Tunnels should always be deployed in pairs for redundancy? - ANSWERS-True

On the ZDX Dashboard, where can you go to get an overview of global or regional issues that may be occurring with users accessing a selected application? - ANSWERS-Cloud Path Graph??? [Think I got this wrong]

What are the benefits of running a Deep Tracing Session? (Select 2) - ANSWERS-
  1. Web Probe and Cloud Path Probe metrics are collected every minute
  2. You can see process-level information for a user

In the Users Dashboard, where can you go to view the path from the user's device to the application in order to drill down on details such as Latency, Packet Loss, or Hop Count? - ANSWERS-Hop View in the Cloud Path section

ZDX dependencies for internal apps? - ANSWERS-Before you configure internal applications, confirm that your organization's deployed Client Connectors and App Connectors meet the system requirements. Zscaler Client Connector version 3.6.1 for Windows and App Connector 21.224.1 are required for this ZPA support.

What permissions are required to config Teams call quality monitoring? - ANSWERS-Admin to auth O365 + accept permissions for accessing user and call record data via MSFT Graph API

What does cloud path probe do? - ANSWERS-Cloud Path Probe - helps ID which hop caused highest latency from user to app

How to initiate deep tracing? - ANSWERS-Deep Tracing Initiate through (1) Deep Tracing in admin menu, (2) Shortcut on user overview, (3) User details page

ZDX - What Alert Types can be Configured? - ANSWERS-App, Device, Network

ZDX - Recommended best practice when configuring probes for internal apps. - ANSWERS-Only select user groups, departments, and locations that actually use the app.

What metrics are collected by the Web Probe (4): - ANSWERS-Page Fetch Time, DNS time, Server Response Time, Availability

What configuration items are included with a predefined application? - ANSWERS-Cloud Path Probe and Web Probe

What level of privileges is required to authenticate a ZDX tenant with MSFT Graph API? - ANSWERS-User and call record

What aspects of the user experience does ZDX monitor? - ANSWERS-Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration

What are the two probe types that are configured while configuring an application in the ZDX Administrator portal? - ANSWERS-Web Probe and Cloudpath Probes

The ZDX Web Probe provides which of the following metrics? - ANSWERS-Page Fetch Time, DNS Time, Server Response Time, and Availability

DNS Control best practices - ANSWERS-1. Set unknown DNS traffic to block, block all commonly blocked DNS tunnels, Block all common allowed tunnels and whitelist good.

Deception: How do you block some suspicious traffic for analysis? - ANSWERS-ZS redirects request to a specific IP address and tricks the end user to assume that it is a genuine server and buys time for analysis

Deception: What is a quick way to stop threats right at the DNS level itself? - ANSWERS-Always block some of the Advanced Security URL categories that ZS offers in a DNS filtering rule

What are the benefits of DNS control? - ANSWERS-Fastest front door, cloud-effect, unresolved queries, detailed logging, granular security

Cloud firewall Predefined apps: - ANSWERS-YouTube, Google, MSFT, AWS, Slack, Dropbox, Webex, Zoho, GCP, IBM smartcloud

Cloud FW: What is an example of the granular policies for tenant restriction? - ANSWERS-Grant access to gmail app but deny uploading any files to it to contractors

Cloud FW: What are the two versions of tenant restriction? V1 and V2 - ANSWERS-The difference between these two is in version one, you have to give just the information about the tenant directory ID, tenant profile name, which are oftentimes available in the Microsoft 365 admin console. And once you give that, you are basically restricting that particular third party or contractor to only access their tenants. They cannot access your parent organization tenants. So that's what version one does. In version two, things are much more advanced. Microsoft has done some additional capabilities around tenancies where you not only define whether the third party can access their tenant or not.

CFW: Select the options that are relevant to Zscaler's Intrusion Prevention System capability (Select two) - ANSWERS-(1) Core security capabilities (2) IPS info also leveraged in individual risk

Which type of segmentation allows us to uniquely identify each application or process and automate least privileged models for workload communications? - ANSWERS-User to application segmentation.

What are the three bits of info you require to begin configuring Private app access? - ANSWERS-(1) Where hosted, (2) What is the app, (3) Who should have access?

Using Zscaler's cloud app control policy, is it possible to define a rule for instant messaging apps that allows chatting, but blocks file transfers? - ANSWERS-YES

How many key engines does the Zscaler Firewall Module have? - ANSWERS-FOUR

How can Zscaler provide security in a scenario where DNS is sent over HTTPS? - ANSWERS-Zscaler's SSL inspection engine can decrypt the HTTPS and look into the JSON file to get the POST headers

What is one of the benefits of using Tenant Restrictions? - ANSWERS-Different profiles can be provided for employees vs contractors to provide different levels of access to certain cloud applications

What is the primary function of Private Application access? - ANSWERS-To make secure connections into an organization's private applications based on policy for the user

How do you create a custom IPS Signature? - ANSWERS-A custom IPS sig can be created in the ZIA admin portal using Snort syntax. Snort is an open-source network intrusion detection and prevention system (IDS/IPS) that monitors network traffic and identifies potentially malicious activities on Internet Protocol (IP) networks.

Cloud Sandbox: What are the four distinct stages of the Cloud Sandbox workflow? - ANSWERS-(1) Cloud effect, (2) prefiltered, (3) behavioral analysis, (4) Post-processing

What do we perform during the cloud effect stage of the cloud sandbox workload? - ANSWERS-Check MD5 hash of the file vs. blacklists from threat feeds and other observed samples in the cloud.

What is a yara rule? Really? We are asking this in adv? - ANSWERS-A Yara rule is an open-source tool used by malware researchers to define specific patterns within a file, allowing them to identify and attribute malware samples

What happens in the post processing stage? - ANSWERS-Threat DB is updated to deliver immediate cloud effect and policy enforcement rules.

AI-Driven Quarantine Effect of Cloud Sandbox: - ANSWERS-An AI-driven malware prevention engine intelligently identifies, quarantines, and prevents unknown or suspicious threats inline using advanced AI/ML without rescanning benign files.

What is Command and Control technique? - ANSWERS-A technique used by attackers to communicate with compromised devices over a network.

What does Votiro mean? - ANSWERS-A Content Disarm and Reconstruction (CDR) service which ensures the sanitization of files

What does Zscaler Cloud Sandbox do? - ANSWERS-Automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files

Which of the following techniques is capable of detecting bad packets and taking an action? - ANSWERS-Advanced Threat Protection (ATP)

Seek out potential threats with powerful detection capabilities, delivered globally from the Zero Trust Exchange platform - ANSWERS-IPS

What does the Miragemaker module do? - ANSWERS-The Miragemaker module in Zscaler Deception allows you to configure and manage various ready-to-use resources that are typically used to build and deploy different types of decoys.

What is the "Cloud Effect" as it pertains to Cloud Sandbox? - ANSWERS-The MD5 hash of a file deemed malicious from Sandbox or threat feeds is uploaded to the cloud so that at any time any customer sees the same file, it will be blocked

DP: What do we do if a customer changes the default risk score of an application? - ANSWERS-We immediately readjust that risk score for that specific tenant, for that specific customer.

DP: How does Shadow IT visibility influence your policy constructions? - ANSWERS-Based on risk score all apps that are higher than risk 4 should be auto blocked. Granular policy (ie all apps not PCI-certified cannot be used by finance team).

DP: How does Zscaler classify the documents, and the data, automatically without an admin creating any rules? - ANSWERS-We use AI/ML, we collected millions of docs, anonymized the data, and fed it to AI/ML

DP: What does cloud application control allow you to do? - ANSWERS-Create access control policies based on where the user is going and their activities

DP: Which Zscaler capability protects your sensitive data contained in images? - ANSWERS-OCR

DP: Which inline data protection capability differentiates between different instances of the same tenant and enables us to apply very granular policies? - ANSWERS-Posture management (WRONG?)

State whether the following statement is true or false: Zscaler can automatically classify documents and data without a data protection admin creating any rules, regex and policies. - ANSWERS-TRUE

Select options that are true regarding Zscaler Outbound Email DLP (Select three). - ANSWERS-(1) Using outbound and inbound connectors, as well as mail flow rules, the Exchange server sends email to, and receives email from, the Zscaler smart host. (2) The Zscaler smart host receives the email and sends it to the Zscaler DLP service for inspection. The Zscaler DLP service then inspects the email content for sensitive data, adding headers that define DLP actions to emails that trigger outbound email policy. (3) When the Exchange server receives inspected email from the Zscaler smart host, it uses those headers to determine enforcement actions

DP: What is parallel processing? - ANSWERS-Even when there is a match, we will continue to go down to the policy engine and be able to execute all the policies before we stop.

DP at REST: What are the two focus areas of protecting data at rest? - ANSWERS-(1) How to prevent data loss. (2) How to protect against known and unknown threats?

IDM (Indexed Document Match) allows organizations to do which of the following? - ANSWERS-Protect their unstructured data, e.g. files such as PDFs or other word documents

How can sensitive data be effectively protected from BYOD? - ANSWERS-By using Browser Isolation