Download Zscaler Digital Transformation Engineer (ZDTE) and more Exams Computer Security in PDF only on Docsity!
1 /
Zscaler Digital Transformation Engineer (ZDTE)
1. Which metrics are collected by Web Probes?: Page Fetch Time DNS Time
Server Response Time Availability
2. Which metrics are collected by Cloud Path Probes: Hop count
Packet loss Latency
3. What is a subcloud?: A subcloud is a subset of ZIA Public Service Edges, ZIA Private Service Edges, or both.
4. What do iOS and Android devices use to connect to the ZTE?: Zscaler Client Connector
5. What are the three levels of the Zscaler Multi-Tenant Cloud Security Architec- ture?: Central Authority
= The Brains Enforcement Nodes & Brokers = The Engines Logging Services = The Memory
6. If using subcloud, what variable is returned in the PAC file?: Gateway.subcloud.zs-
caler.net
7. If 2 App Connectors are insufficient for your number of apps, what should you do?: Install a third App
Connector.
8. How many active probes can a user have?: 7 for ZDX Standard
30 for ZDX Advanced or Advanced Plus
9. Which ZDX tier is required for Copilot?: ZDX Advanced Plus
10. What are some use cases of OneAPI: URL Filtering
2 / Application Access Management Configuring App Connector Groups
11. What is an HTTP code 429?: API rate limit exceeded
12. What are the four stages of the Cloud Sandbox workflow?: 1. Cloud Ettect
2. Prefiltered
3. Behavioral Analysis
4. Post-processing
13. What do we do if a customer changes the default risk score of an applica- tion?: We
immediately readjust that risk score for that specific tenant, for that specific customer.
14. What does OneAPI use for authentication?: OAuth
15. How does OneAPI simplify API integration?: By providing a single-entry point for accessing multiple
APIs.
16. Where does the API Gateway reside?: The Central Authority
17. How do you deploy GRE tunnels?: Configure two tunnels per site - primary and a backup to optimal
DCs.
18. What is the maximum bandwidth for each GRE tunnel?: 1 Gbps if not behind NAT. 250 Mbps if
behind NAT.
19. How do you configure IPsec tunnels?: Configure two tunnels per ISP per site - primary and a backup to
optimal DCs.
20. What is the maximum bandwidth for each IPsec tunnel?: 400 Mbps
21. How many IKEv2 SAs per IPsec tunnel?: No more than 8.
4 /
36. How does LDAP authenticate with Zscaler?: 1. Zscaler synchronizes users and groups with Active
Directory
2. Zscaler requests username
3. Zscaler requests password
4. Zscaler performs an LDAP BIND against Active Directory
5. If successful, Zscaler sends an authentication token to ZCC.
37. What are the physical Internet Service Edge types?: Service Edge 3 and Service Edge
- Each contains either 3 or 5 enforcement nodes and an Integrated Load Balancer. Deployed in pairs with LBs in active/active.
38. Where do you enable software and device inventory?: ZDX - Administration - Inventory
Settings - enable Data Collection
39. What is NSS?: Nanolog Streaming Service is used for logging in ZIA. User passes NSS logs for Web and FW to on-
premises or cloud SIEM. A certificate based TLS connection is made from the NSS virtual machine to Zscaler nanolog cluster.
40. What is LSS?: Log Streaming Service for ZPA. Uses the existing App Connector infrastructure to pull logs and
pass them through to the SIEM solution.
41. Which three components are used for Source IP Anchoring?: ZIA, ZPA, and App Connectors
42. What is Match Count?: Match Count is the threshold that triggers a dictionary or group of dictionaries. The
dictionary or dictionaries trigger only if they find more matches than the number specified.
43. What is tenancy restriction?: Allows you to restrict access either to personal accounts, business accounts, or
both for certain cloud applications.
44. For how long does Zscaler log every transaction?: Zscaler logs every transaction of every user or
endpoint for 180 full days.
5 /
45. What is Decpetion?: Deception is a cybersecurity technique that uses decoys to entice attackers and identify
their actions by impersonating actual assets within a network.
46. How does Deception fit int o the zero trust architecture?: Deception works as a threat detection layer of a
zero trust architecture, helping to detect and stop attacks that have been able to bypass existing defenses.
