Zscaler EDU 200 - Essentials - ZDTA Study
Guide (Questions and Answers) | Latest
Edition
1. Designed to enhance your data security by providing comprehensive
visibility and management of data at rest within public clouds. - ANSWER
Zscaler Data Security Posture Management or DSPM
2. A powerful risk quantification and visualization framework for remediating
cybersecurity risk. It ingests real data from external sources and your Zscaler
environment to generate a detailed profile of your risk posture. - ANSWER
Risk360
3. What is used to detect if a SAML assertion was modified after being issued?
Options:
- XML
- Digital Signatures
- Attributes
- Tokens - ANSWER Digital Signatures
4. How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database - ANSWER SAML, LDAP, Hosted Database
,5. How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM - ANSWER SAML
6. What is the fastest way to change a user's access entitlements? - ANSWER
Send different attributes via SCIM
7. What are the initial steps in ZPA policy evaluation? - ANSWER The
Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy.
8. The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy. - ANSWER The Zscaler Client Connector
connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
9. The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy. - ANSWER The Zscaler Client Connector
connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
,10.In order for Zscaler to enforce policy based on accessing devices, what
method is best used by IdPs to share information about a user's accessing
device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ANSWER SAML
11.What are the basic building blocks for DLP. - ANSWER Predefined
dictionaries, Custom dictionaries, and the Engines
12.Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment,
Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out,
Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure &
Report, Extended Roll-out - ANSWER - Pre-work, Root CA
Enrollment, Initial Roll-out, Measure & Report 5, Extended Roll-out
13.What determines the order of processing for web proxy rules in Zscaler? -
ANSWER All rules are processed top-down, first-match.
14.What does the Admin Rank define in Zscaler's Web Proxy Rules -
ANSWER It specifies which administrators can manage the rule, with
administrators of equal or lower rank able to manage those rules.
, 15.What are the criteria considered in Zscaler's DLP rules? - ANSWER DLP
Engines, Cloud Application information, file type, minimum size, Users,
Groups, Departments, Locations, Location Groups, Time, and Protocols
(HTTP, HTTPS, or native FTP).
16.How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend
API
- The SP sends it via an HTTP post directly to the IdP via a backend
API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP - ANSWER The IdP
sends it via the user's browser to the SP
(Uses a form POST submitted via JavaScript)
In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions - ANSWER Issuing SAML assertions
Privileged Remote Access supports which protocols? (Select 2)
Guide (Questions and Answers) | Latest
Edition
1. Designed to enhance your data security by providing comprehensive
visibility and management of data at rest within public clouds. - ANSWER
Zscaler Data Security Posture Management or DSPM
2. A powerful risk quantification and visualization framework for remediating
cybersecurity risk. It ingests real data from external sources and your Zscaler
environment to generate a detailed profile of your risk posture. - ANSWER
Risk360
3. What is used to detect if a SAML assertion was modified after being issued?
Options:
- XML
- Digital Signatures
- Attributes
- Tokens - ANSWER Digital Signatures
4. How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database - ANSWER SAML, LDAP, Hosted Database
,5. How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM - ANSWER SAML
6. What is the fastest way to change a user's access entitlements? - ANSWER
Send different attributes via SCIM
7. What are the initial steps in ZPA policy evaluation? - ANSWER The
Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy.
8. The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy. - ANSWER The Zscaler Client Connector
connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
9. The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes
a Client Forwarding policy. - ANSWER The Zscaler Client Connector
connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
,10.In order for Zscaler to enforce policy based on accessing devices, what
method is best used by IdPs to share information about a user's accessing
device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ANSWER SAML
11.What are the basic building blocks for DLP. - ANSWER Predefined
dictionaries, Custom dictionaries, and the Engines
12.Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment,
Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out,
Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure &
Report, Extended Roll-out - ANSWER - Pre-work, Root CA
Enrollment, Initial Roll-out, Measure & Report 5, Extended Roll-out
13.What determines the order of processing for web proxy rules in Zscaler? -
ANSWER All rules are processed top-down, first-match.
14.What does the Admin Rank define in Zscaler's Web Proxy Rules -
ANSWER It specifies which administrators can manage the rule, with
administrators of equal or lower rank able to manage those rules.
, 15.What are the criteria considered in Zscaler's DLP rules? - ANSWER DLP
Engines, Cloud Application information, file type, minimum size, Users,
Groups, Departments, Locations, Location Groups, Time, and Protocols
(HTTP, HTTPS, or native FTP).
16.How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend
API
- The SP sends it via an HTTP post directly to the IdP via a backend
API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP - ANSWER The IdP
sends it via the user's browser to the SP
(Uses a form POST submitted via JavaScript)
In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions - ANSWER Issuing SAML assertions
Privileged Remote Access supports which protocols? (Select 2)
