Download ZDTE Exam Study Guide Questions and Answers and more Exams Nursing in PDF only on Docsity!
ZDTE. Study Guide
Whats a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? - Answer-Provide secure communication between different network segments What are the challenges of extending legacy network and security to the public cloud? - Answer- Creating VPCs and VNETs add overhead. Increases attach surface. What are the use cases for ZT Cloud? - Answer-Workload to internet, intracloud, multi-cloud, hybrid? What is the purpose of a GRE tunnel in the ZTE? - Answer-To load balance traffic properly What two items most accurately describe ZT connectors? - Answer-1. Access is granted but never shared at the network layer
- Independent of anyh network for control or trust Main advantage of using an SD-WAN vendor to connect ot Zscaler over tranditional routers? - Answer- One-click configuration of the connection. What prevents unauthorized SD-WAN router connections to the Zscaler service? - Answer-The partner key Which tunnel types does Zscaler support between a router and a Zscaler data center? - Answer-GRE & IPSEC
T/F - GRE Tunnels should always be deployed in pairs for redundancy? - Answer-True Private Service Edge - what's the workflow? - Answer-1. User Connects to PSE
- PSE --> Express Route or VPN to ZPA CC or DC Connector
- Connector to ZS. cloud to validate Private Service Edge - how to configure? - Answer-1. Inbound 443, Unique IP, CC needs to comm with PSE IP and app conn
- CC makes decision on what is closest based on client.
- Create intermediate CA under enrollment derts,
- Create a SE group per location
- Get provisioning key and load on PSE
- Host finger print and private keys encrypted
- Service end validates app and client keys through PKI trust Virtual Service Edge - What is supported? - Answer-ZIA: ESXi, VMW on AWS, Azure, GCP ZPA: ESXi, HyperV, AWS, Azure, GCP VSE - what performance to expect on SSL inspection - Answer-600MB/sec VSE - what's the routing config? - Answer-EM0 = Mgmt EM1 = Proxy EM2 = Load Balancer IP
What are the deployment options for a Physical Service Edge? (Select two) - Answer-Single-arm, dual- arm How can an organization configure Source IP anchoring in Zscaler? - Answer-By enabling the Source IP anchor flag in ZPA admin portal What is the role of Nanolog Streaming Service (NSS) in log streaming for Zscaler Internet Access? - Answer-It creates outbound connections to the log infrastructure for log streaming What are the benefits of Cloud-to-Cloud Log Streaming? - Answer-Increased reliability and scalability due to cloud-native traffic flow What is the main function of ZPA Private Service Edge? - Answer-Managing connections between Zscaler Client Connector and App Connectors Source IP Anchoring provides what functionalities? (Select three) - Answer-1. Policy based forwarding through the App Connector
- Content scanned by the Zero Trust Exchange
- Public IP of the App Connector Why would you deploy a ZPA Private Service Edge? (Select three) - Answer-1. Disaster Recovery
- Consistent User Experience
- Prevent Lateral Movement on a trusted campus network Why would you deploy a ZIA Private Service Edge? (Select three) - Answer-1. Geo-Localization
- Source IP address Preservation
- High Bandwidth Sites
ZIA Private Service Edge is available in which form factors? - Answer-Physical and Virtual What is one benefit of integrating ZDX into Servicenow? - Answer-Streamlined process and improved efficiency ZDX - What type of data does device inventory provide? - Answer-Current info about org devices and users ZDX Admin access levels? - Answer-Full, View Only, Custom, None Which metric is the most significant in computing a ZDX Score? - Answer-PFT Which action is not a response to an alert trigger in ZDX? - Answer-Automatic system shutdown What does software reliability feature help identify? - Answer-Problems with software and apps What is one benefit of conducting a deep tracing session? - Answer-It helps pinpointing the root causes of problems. What is the purpose of the Smooth ZDX score? - Answer-Reduce noise and variance What criteria can be used to define alert rules in ZDX? - Answer-DNS, PFT, etc ZDX Co-pilot purpose - Answer-ZDX Copilot uses advanced AI and ML to enhance digital experiences by providing proactive insights and recommendations
How does Zscaler Hosted Monitoring support business growth? - Answer-By providing reliable performance data for new applications or regional expansions What is one of the key features of Data Explorer that allows users to handle data effortlessly for creating customized reports? - Answer-Data manipulation On the ZDX Dashboard, where can you go to get an overview of global or regional issues that may be occurring with users accessing a selected application? - Answer-Cloud Path Graph??? [Think I got this wrong] What are the benefits of running a Deep Tracing Session? (Select 2) - Answer-1. Web Probe and Cloud Path Probe metrics are collected every minute
- You can see process-level information for a user In the Users Dashboard, where can you go to view the path from the user's device to the application in order to drill down on details such as Latency, Packet Loss, or Hop Count? - Answer-Hop View in the Cloud Path section ZDX dependencies for internal apps? - Answer-Before you configure internal applications, confirm that your organization's deployed Client Connectors and App Connectors meet the system requirements. Zscaler Client Connector version 3.6.1 for Windows and App Connector 21.224.1 are required for this ZPA support. What permissions are required to config Teams call quality monitoring? - Answer-Admin to auth O365 + accept permissions for accessing user and call record data via MSFT Graph API What does cloud path probe do? - Answer-Cloud Path Probe - helps ID which hop caused highest latency from user to app How to initiate deep tracing? - Answer-Deep Tracing
Initiate through (1) Deep Tracing in admin menu, (2) Shortcut on user overview, (3) User details page ZDX - What Alert Types can be Configured? - Answer-App, Device, Network ZDX - Recommended best practice when configuring probes for internal apps. - Answer-Only select user groups, departments, and locations that actually use the app. What metrics are collected by the Web Probe (4): - Answer-Page Fetch Time, DNS time, Server Response Time, Availability What configuration items are included with a predefined application? - Answer-Cloud Path Probe and Web Probe What level of privileges is required to authenticate a ZDX tenant with MSFT Graph API? - Answer-User and call record What aspects of the user experience does ZDX monitor? - Answer-Application, Device, and Network, along with data received from Microsoft Teams and Zoom Integration What are the two probe types that are configured while configuring an application in the ZDX Administrator portal? - Answer-Web Probe and Cloudpath Probes The ZDX Web Probe provides which of the following metrics? - Answer-Page Fetch Time, DNS Time, Server Response Time, and Availability Which of the following statements are correct regarding Call Quality Monitoring? - Answer-ZDX supports call quality monitoring for both Zoom and Teams
What are the benefits of DNS control? - Answer-Fasted front door cloud-effect unresolved queiries detailed logging granular security Cloud firewall Predefined apps: - Answer-Youtube, Google, MSFT, AWS, Slack, Dropbox, Webex, Zoho, GCP, IBM smartcloud Cloud FW: What is an example of the granular policies for tenant restriction? - Answer-Grant access to gmail app but deny uploading any files to it to contractors Cloud FW: What are the two versions of tenant restriction? V1 and V2 - Answer-The difference between these two is in version one, you have to give just the information about the tenant directory ID, tenant profile name, which are oftentimes available in the Microsoft 365 admin console. And once you give that, you are basically restricting that particular third party or contractor to only access their tenants. They cannot access your parent organization tenants. So that's what version one does. In version two, things are much more advanced. Microsoft has done some additional capabilities around tenancies where you not only define whether the third party can access their tenant or not. CFW: Select the options that are relevant to Zscaler's Intusion Prevention System capability (Select two)
- Answer-(1) Core security capabilities (2) IPS info also leveraged in individual risk WHich type of segmentation allows us to uniquely identify each application or process and automate least privileged models for workload communications? - Answer-User to application segmentation.
What are the three bits of info you require to begin configuring Private app access? - Answer-(1) Where hosted, (2) What is the app, (3) Who should have access? Using Zscaler's cloud app control policy, is it possible to define a rule for instant messaging apps that allows chatting, but blocks file transfers? - Answer-YES How many key engines does the Zscaler Firewall Module have? - Answer-FOUR State whether the following statement is true or false: At a minimum, it's required that you deploy two app connectors to provide a degree of fault tolerance as this allows for failover, resiliency, such as when performing upgrades to the app connectors. - Answer-TRUE What is the purpose of the DPI engine in the Firewall Module? - Answer-The DPI engine helps to identify threats and block ports [NOT RIGHT?] What is the name of the new location type that Zscaler has introduced to support work from anywhere workforce? - Answer-Road Warrior Zscaler offers centralized visibility of all the end users' traffic, irrespective of location, device, and the destination they're trying to reach. - Answer-True State whether the following statement is true or false: Zscaler DNS resolvers are built upon an open source DNS servers technology component for faster resolution. - Answer-True How does Zscaler implement DNS to optimize the path to internet applications? - Answer-Zscaler's built- in DNS resolvers at 150 data centers globally, which intercept DNS requests and provide recursive DNS resolution for identifying low-latency paths to the end destination or SaaS application
AI-Driven Quarantine Effect of Cloud Sandbox: - Answer-An AI-driven malware prevention engine intelligently identifies, quarantines, and prevents unknown or suspicious threats inline using advanced AI/ML without rescanning benign files. What is Command and Control technique? - Answer-A technique used by attackers to communicate with compromised devices over a network. What does Votiro mean? - Answer-A Content Disarm and Reconstruction (CDR) services which ensures the sanitization of files What does Zscaler Cloud Sandbox do? - Answer-Automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files Which of the following techniques is capable of detecting bad packets and taking an action? - Answer- Advanced Threat Protection (ATP) Seek out potential threats with powerful detection capabilities, delivered globally from the Zero Trust Exchange platform - Answer-IPS What does the Miragemaker module do? - Answer-The Miragemaker module in Zscaler Deception allows you to configure and manage various ready-to-use resources that are typically used to build and deploy different types of decoys. Which of the following Zscaler's capabilities allows users to gain instant access to the content of potential zero day productivity files? - Answer-Browser Isolation Safe Document Rendering Within Zscaler Zero Trust Exchange architecture, which of the following services is comparable with a Web Application Firewall (WAF)? - Answer-Private App Protection
Which of the following technologies allows you to define criteria for selecting specific web traffic and apply an isolation profile to ensure secure browsing? - Answer-Contextual aware Protection Customers can bring their own custom signatures to create custom IPS rules as a part of Zscaler's cloud firewall functionality. - Answer-TRUE Why is it important to use IPS to look at traffic on non-standard ports? - Answer-It is common for attackers to sometimes use non-standard ports for well known applications - e.g. running a web server on port 8999 How does Zscaler protect against unknown malicious files? - Answer-With Cloud Sandbox, ZIA can detonate unknown files in an isolated environment and then use dynamic analyses to mark the file as malicious What technology can help in protecting users from websites running never seen before malicious javascript? - Answer-Browser Isolation can be used to safely render websites through a pixelated stream eliminating any malicious javascript from executing What is the "Cloud Effect" as it pertains to Cloud Sandbox? - Answer-The MD5 hash of a file deemed malicious from Sandbox or threat feeds is uploaded to the cloud so that at any time any customer sees the same file, it will be blocked DP: What do we do if a customer changes the default risk score of an application? - Answer-WE immediately readjust that risk score for that specific tenant, for that specific customer. DP: How does Shadow IT visibility influence your policy constructions? - Answer-Based on risk score all apps that are higher than risk 4 should be auto blocked. Granular policy (ie all apps not PCI-certified cannot be used by finance team). DP: How does Zscaler classify the documents, and the data, automatically without an admin creating any rules? - Answer-We use AI/ML we collected millions of docs, anonymized the data, and fed it to ALML
DP : What action does Zscaler take when it identifies an unknown content? - Answer-Completely unknown assets are sandboxed and wait for a verdict from our cloud sandbox and trigger remediation actions DP: What action does Zscaler take when it identifies malicious content? - Answer-Triggers quarantine DP: While protecting against malware, what action will Zscaler take if an external colloborator injected a PDF that happens to be a known malware? - Answer-Zscaler will identify that the PDF has malicious content and will trigger quarantine action. DP: As part of protection against malware, what action will Zscaler take when it finds an asset that is completely unknown? - Answer-Zscaler will sandbox the unknown content, wait for the verdict from the cloud sandbox and accordingly trigger a remediation action. DP: State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - Answer- FALSE When you do data loss prevention (DLP) for your data at rest scanning, why do we utilize the same DLP policies that you have built for your in-line data protection? - Answer-We utilize those DLP policies to identify, analyze, and resolve misconfigurations.[oddly worded I think I got this wrong] What is Workflow Automation? - Answer-It is a capability that allows organizations to automate Incident Management in order to remediate data protection incidents State whether the following statement is true or false: In case of on -prem incident receiver, you can setup a VM and deploy it to archive all the DLP violations - Answer-FALSE... maybe State whether the following statement is true or false: Incident Management is a policy protects your traffic from fraud, unauthorized communication, and other malicious objects and scripts. - Answer-TRUE
IDM (Indexed Document Match) allows organizations to do which of the following? - Answer-Protect their unstructured data, e.g. files such as PDFs or other word documents How can sensitive data be effectively protected from BYOD? - Answer-By using Browser Isolation Which DLP tool allows administrators to see how risky an application is? - Answer-Risk Score How does Browser Isolation function? - Answer-By isolating the browser from the actual content and sending a pixel stream (image) of the content rather than the actual content What is the main benefit of DLP Parallel Processing? - Answer-Provides extreme flexibility and granularity of DLP policy by not stopping processing at the first policy match
