ZDTE Study Guide || with Certified Answers.
Whats a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? correct answers Provide
secure communication between different network segments
What are the challenges of extending legacy network and security to the public cloud? correct
answers Creating VPCs and VNETs add overhead. Increases attach surface.
What are the use cases for ZT Cloud? correct answers Workload to internet, intracloud, multi-
cloud, hybrid?
What is the purpose of a GRE tunnel in the ZTE? correct answers To load balance traffic
properly
What two items most accurately describe ZT connectors? correct answers 1. Access is granted
but never shared at the network layer
2. Independent of anyh network for control or trust
Main advantage of using an SD-WAN vendor to connect ot Zscaler over tranditional routers?
correct answers One-click configuration of the connection.
What prevents unauthorized SD-WAN router connections to the Zscaler service? correct answers
The partner key
Which tunnel types does Zscaler support between a router and a Zscaler data center? correct
answers GRE & IPSEC
T/F - GRE Tunnels should always be deployed in pairs for redundancy? correct answers True
Private Service Edge - what's the workflow? correct answers 1. User Connects to PSE
2. PSE --> Express Route or VPN to ZPA CC or DC Connector
,3. Connector to ZS. cloud to validate
Private Service Edge - how to configure? correct answers 1. Inbound 443, Unique IP, CC needs
to comm with PSE IP and app conn
2. CC makes decision on what is closest based on client.
3. Create intermediate CA under enrollment derts,
4. Create a SE group per location
5. Get provisioning key and load on PSE
6. Host finger print and private keys encrypted
7. Service end validates app and client keys through PKI trust
Virtual Service Edge - What is supported? correct answers ZIA: ESXi, VMW on AWS, Azure,
GCP
ZPA: ESXi, HyperV, AWS, Azure, GCP
VSE - what performance to expect on SSL inspection correct answers 600MB/sec
VSE - what's the routing config? correct answers EM0 = Mgmt
EM1 = Proxy
EM2 = Load Balancer IP
What are the reporting options for service edges? correct answers Interactive, executive,
forensic, historical sandbox, patrient Zero, threat insights
What is the purpose of the logging architecture in the ZTE? correct answers Analyze user
activity and perform analytics for future policy decisions
, Use cases for traffic forwarding (source IP anchoring) correct answers 1. Apps that restict client
IP
2. Set up auth (O365)
3. Geo-located based on source IP
4. Provided by app connector on PSE
5. ZIA apps requiring a known source
How to configure source IP anchoring correct answers 1. Create app seg and enable source IP
anchor
2. Define Service Group, Connector Group
3. Create fwd policy
4. In ZIA add gateway rule for app segment
How does Zscaler reduce the amount of data passed in log transactions correct answers
Compress and tokenize the log data
What are the two types of PSEs? correct answers ZPA PSE and ZIA PSE
What components are involved in traffic forwarding in the Source IP anchoring process? correct
answers Zscaler Internet Access, Zscaler Private Access, Zscaler App Connector
Which of the following platforms can Zscaler Private Service Edge be deployed on? correct
answers VMW, HyperV, AWS, Azure
What are the deployment options for a Physical Service Edge? (Select two) correct answers
Single-arm, dual-arm
How can an organization configure Source IP anchoring in Zscaler? correct answers By enabling
the Source IP anchor flag in ZPA admin portal
Whats a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? correct answers Provide
secure communication between different network segments
What are the challenges of extending legacy network and security to the public cloud? correct
answers Creating VPCs and VNETs add overhead. Increases attach surface.
What are the use cases for ZT Cloud? correct answers Workload to internet, intracloud, multi-
cloud, hybrid?
What is the purpose of a GRE tunnel in the ZTE? correct answers To load balance traffic
properly
What two items most accurately describe ZT connectors? correct answers 1. Access is granted
but never shared at the network layer
2. Independent of anyh network for control or trust
Main advantage of using an SD-WAN vendor to connect ot Zscaler over tranditional routers?
correct answers One-click configuration of the connection.
What prevents unauthorized SD-WAN router connections to the Zscaler service? correct answers
The partner key
Which tunnel types does Zscaler support between a router and a Zscaler data center? correct
answers GRE & IPSEC
T/F - GRE Tunnels should always be deployed in pairs for redundancy? correct answers True
Private Service Edge - what's the workflow? correct answers 1. User Connects to PSE
2. PSE --> Express Route or VPN to ZPA CC or DC Connector
,3. Connector to ZS. cloud to validate
Private Service Edge - how to configure? correct answers 1. Inbound 443, Unique IP, CC needs
to comm with PSE IP and app conn
2. CC makes decision on what is closest based on client.
3. Create intermediate CA under enrollment derts,
4. Create a SE group per location
5. Get provisioning key and load on PSE
6. Host finger print and private keys encrypted
7. Service end validates app and client keys through PKI trust
Virtual Service Edge - What is supported? correct answers ZIA: ESXi, VMW on AWS, Azure,
GCP
ZPA: ESXi, HyperV, AWS, Azure, GCP
VSE - what performance to expect on SSL inspection correct answers 600MB/sec
VSE - what's the routing config? correct answers EM0 = Mgmt
EM1 = Proxy
EM2 = Load Balancer IP
What are the reporting options for service edges? correct answers Interactive, executive,
forensic, historical sandbox, patrient Zero, threat insights
What is the purpose of the logging architecture in the ZTE? correct answers Analyze user
activity and perform analytics for future policy decisions
, Use cases for traffic forwarding (source IP anchoring) correct answers 1. Apps that restict client
IP
2. Set up auth (O365)
3. Geo-located based on source IP
4. Provided by app connector on PSE
5. ZIA apps requiring a known source
How to configure source IP anchoring correct answers 1. Create app seg and enable source IP
anchor
2. Define Service Group, Connector Group
3. Create fwd policy
4. In ZIA add gateway rule for app segment
How does Zscaler reduce the amount of data passed in log transactions correct answers
Compress and tokenize the log data
What are the two types of PSEs? correct answers ZPA PSE and ZIA PSE
What components are involved in traffic forwarding in the Source IP anchoring process? correct
answers Zscaler Internet Access, Zscaler Private Access, Zscaler App Connector
Which of the following platforms can Zscaler Private Service Edge be deployed on? correct
answers VMW, HyperV, AWS, Azure
What are the deployment options for a Physical Service Edge? (Select two) correct answers
Single-arm, dual-arm
How can an organization configure Source IP anchoring in Zscaler? correct answers By enabling
the Source IP anchor flag in ZPA admin portal
