Zscaler EDU-200 MC Exam 2025 – Verified & A+ Rated Questions and Answers., Exams of Computer Science

Typology: Exams

2024/2025

Available from 07/20/2025

Martin-Ray-1

What is a watering hole attack? Answer:
When a commonly known website has malicious content like malicious JavaScript running
on it.
What features of the Zero Trust Exchange reduce attack surface? Answer:
Privileged Remote Access
Private Access to applications
What features of the Zero Trust Exchange stop initial compromise? Answer:
Secure Web Gateway
Advanced Threat Prevention
Cloud Sandbox
Cloud Firewall/IPS
Browser Isolation
What features of the Zero Trust Exchange stop lateral movement? Answer:
Deception
Policy Segmentation with ZPA
What features of the Zero Trust Exchange will prevent data loss? Answer:
Cloud Sandbox
Secure Web Gateway
Browser Isolation
DLP (At rest and in motion)

What does Advanced Threat Protection do? Answer:
It is part of Zscaler's Secure Web Gateway portfolio within ZIA. It protects users going out to the internet against common attacks such as phishing.
What services are part of Advanced Threat Protection? Answer:
URL Security Categories, Content Types, Reputation, Signatures & IPS, and ML and Adv. Analysis
What are exploit kits? Answer:
Malicious code that exploits vulnerabilities in browsers.
What is pre-existing compromise? Answer:
Compromise or unauthorized access is initially executed by a different operator and then it is sold to the highest bidder.
What services are available to protect data in motion? Answer:
Cloud, Endpoint, Email, and Private Apps DLP
What is a DLP dictionary? Answer:
Algorithms that detect specific kinds of information in traffic. Can trigger on EDM.
What is Azure Information Protection (AIP) / Microsoft Information Protection (MIP) Labels? Answer:
Provides sensitivity labels, which you can use to identify and protect files with sensitive content. MIP labels are maintained by Microsoft and, through the addition of an MIP Account in the ZIA Admin Portal, these labels can be retrieved from Microsoft so that they can be used when defining a DLP policy in the ZIA admin portal.

ZIA, ZPA, ZDX

How is browser access configured in ZPA? Answer:

  1. Acquire web server certificate (upload existing certificate or create certificate signing request for web server certificate)
  2. Define browser access app by creating or editing an application segment

What is a patient 0 alert? Answer:
Occurs when a user downloads an unknown file that is scanned and found to be malicious. This alert is generated if the first-time action of a Sandbox rule allows users to download files that match the rule criteria and sends the files to the Sandbox for behavioral analysis.
To ensure Zero Trust, users should not be connected to _____________, but to the application. Answer:
The network
Zero Trust is about which of the following? Answer:
Connecting the right user, workload or machine to the right application, based on business policy
Is URL filtering or Cloud App Control better suited to control access to specific web applications? Answer:
Cloud App Control

What is used to detect if a SAML assertion was modified after being issued? Answer:
Digital Signatures
How is a SAML assertion delivered to Zscaler? Answer:
The IdP sends it via the user's browser to the SP (Uses a form POST submitted via JavaScript)
In what way does Zscaler's Identity Proxy enable authentication to SaaS applications? Answer:
Issuing SAML assertions
How does Zscaler Internet Access authenticate users? (Select 3) Options:

  • SAML
  • SCIM
  • LDAP
  • Hosted Database

Answer:
SAML, LDAP, Hosted Database

Every 2 hours
Which check guarantees identification of a corporate-managed device by the Zscaler Client Connector? Answer:
Client Certificate & Non-Exportable private key
You want Zscaler Client Connector to automatically redirect to your corporate SAML IDP on launch. Which installer options should you configure to do so? Answer: (Select

cloudName
userDomain
Where is the control to prevent a user from exiting Zscaler Client Connector? Answer:
In the Application Profile
When moving from an Explicit Proxy to a Tunneled/Transparent Proxy - what, if any, effects will be seen on the client? (Select 3) Options:

  • No Effect
  • The client will always resolve DNS
  • The client browser needs re-configuration
  • Authenticated websites may no longer work
  • An Explicit Proxy and a Transparent Proxy are the same thing

Answer:
The client will always resolve DNS
The client browser needs re-configuration
Authenticated websites may no longer work
What benefits does a Zscaler Tunnel have over other forwarding mechanisms for Zscaler Client Connector? Answer:
Tunnels encapsulate traffic and authenticate to the Zero Trust Exchange
Browser Based Access enables what kinds of applications to be published? Answer:
HTTP and HTTPS
Why is Z-Tunnel 2.0 superior to Z-Tunnel 1.0? (Select 3) Options:

  • Provides a control channel to update device
  • Faster transport mechanism
  • Allows multicast traffic
  • Enables Cloud Firewall
  • Z-Tunnel 1.0 is no longer supported

Answer:
Provides a control channel to update device
Faster transport mechanism

  • Destination Port Translation
  • Source IP Translation to static IP
  • Destination IP Translation to static IP
  • Source Port Translation
  • Destination IP Translation to FQDN

Answer:
Destination Port Translation
Destination IP Translation to static IP
Destination IP Translation to FQDN
What is the purpose of the Client Forwarding policy? Answer:
It defines which Application Segments definitions are downloaded by the Zscaler Client Connector
In Zscaler Private Access policy, which criteria can be used to control access? (Select 3) Options:

  • Zero Trust Exchange data center
  • SAML or SCIM Attribute
  • Client Connector Posture and Trusted Network
  • Client Type
  • Zscaler Internet Access Enabled

Answer:
SAML or SCIM Attribute
Client Connector Posture and Trusted Network
Client Type
Which are the acceptable actions for Firewall policy? (Select 3) Options:

  • Allow
  • Block/Drop
  • Block/Reset
  • Block/FIN+ACK
  • Redirect

Answer:
Allow
Block/Drop
Block/Reset
What options for TLS Inspection Certificates are available? (Select 2) Options:

  • Zscaler Root Certificate Authority
  • Customer Root Certificate Authority
  • Verisign Root CA
  • Microsoft Azure Certificate Authority

Answer:
Zscaler Root Certificate Authority
Customer Root Certificate Authority
Do most organizations around the world inspect 100% of all SSL/TLS encrypted traffic? Answer:

Which of the following statements are correct regarding Call Quality Monitoring? Answer:
ZDX supports call quality monitoring for both Zoom and Teams
A Cloud Path supports the following protocols for probing: (Select 3)

  1. BGP
  2. ICMP
  3. TCP
  4. UDP

Answer:
ICMP
TCP
UDP
What aspects of the user experience does ZDX monitor? Answer:
Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration
You can operationalize ZDX Alerting by feeding the alerts into your existing tools using: (Select 2) Options:

  • API
  • Email
  • Webhooks
  • SMTP
  • DNS

Answer:
Email
Webhooks
ZDX Deep Tracing can be leveraged to get granular data on demand from a user's device. How granular can the probing frequency get? Answer:
1 minute
Which of the ZDX functionalities leverages Machine Learning to assist with Automated Root Cause Analysis? Answer:
Y-Engine
To be able to monitor the Zoom or Teams call quality statistics using ZDX, which of the following requirements must be met? (Select 2) Options:

  • All the Zoom and Teams traffic should traverse over ZIA
  • The Zoom and Teams tenants should be added under the Applications tab
  • Zoom and Teams traffic can traverse via ZIA or directly without ZIA
  • Teams and Zoom traffic has to traverse over ZPA so that we SSL decrypt it and provide statistics
  • Teams and Zoom traffic has to traverse over both ZIA and ZPA

Answer:
The Zoom and Teams tenants should be added under the Applications tab

What is the function of the auto proxy forwarding firewall configuration? Answer:
Automatically detecting web traffic (e.g., FTP, HTTPS) coming in on non-standard ports and forwarding it to Zscaler's proxy
What is the best practice for a cloud-gen firewall in terms of having default rules? Answer:
Block everything and start allowing what your users need to access
Why is it important for a cloud-gen firewall to implement DPI signatures? Answer:
Evasive apps like BitTorrent can often disguise themselves as coming from a standard port, and it is critical to identify and block these applications
How are Newly Observed Domains (NODs) different than Newly Registered Domains (NRDs)? Answer:
NRDs were registered recently, whereas NODs may have been registered some time ago but have never been observed with actual clients visiting them, which makes them suspicious
What is the Zscaler Page Risk score? Answer:
The Page Risk score is a slider on the Advanced Threat Protection configuration page, which allows a user to pre-select what level of risk they are comfortable with on particular websites; the risk itself is computed on a scale of 0-100 by looking at several factors including the top-level domain, the user agent, whether certain HTTP headers are missing, whether a high-entropy domain name is being used, and several other factors
What is Ransomware? Answer:
Malware that steals data and encrypts it
Once a phishing attack occurs and a user is directed to malicious content, which of the following typically occurs? Answer:
One or more files are downloaded, with the attacker also attempting to download secondary payloads onto the user's machine
The establishing of an outbound connection from the user's device using an outbound command and control channel to an adversary's infrastructure
Full control over the endpoint by the adversary
What is Zscaler ThreatLabZ? Answer:
A best-in-class security threat research team of more than 100+ security researchers who analyze security trends and help keep Zscaler's signature databases up to date
What is a spear phishing attack? Answer:
A type of attack in which malicious files or attachments can be used in an email, luring the user to open it
Contextual DLP policy includes (Select 3): Answer:
File Type Control
Cloud App Control

EDM (Exact Data Match) is an advanced DLP feature that does which of the following? Answer:
EDM enables organizations to perform a structured data match on specific types of data, e.g. a column of credit card numbers
OCR (Optical Character Recognition) is necessary for which of the following? Answer:
OCR helps protect sensitive data in images, image files and handwritten texts
To protect sensitive data, organizations must inspect the content inline with data classification capabilities such as predefined dictionaries, custom dictionaries, etc. (True or False) Answer:
TRUE
SSPM (SaaS Security Posture Management) enables organizations to find which of the following: Answer:
Cloud misconfigurations and compliance violations
Zscaler offers fully integrated data protection for all channels, which includes: (Select 3) Answer:
Cloud channels such as data in motion or data-at-rest in SaaS applications
Endpoint
Email
What is a possible data exfiltration channel? Answer:
Cloud based personal email, file sharing, and collaboration tools
How do most major security breaches begin? Answer:
An attacker finding your attack surface
With Zero Trust, if we use the analogy of publishing your phone number, then: Answer:
Your phone number is unpublished and only authorized parties can call you
SSL inspection is important in order to see Answer:
What's good and what's bad inside a connection, since most connections are encrypted, in order to understand if there is any malware coming in and/or if there's any sensitive data leaking out.