ZSCALER DIGITAL TRANSFORMATION
ADMINISTRATOR EXAM PREP QUESTIONS
AND ANSWERS VERIFIED STUDY SHEET
●● A powerful risk quantification and visualization framework for
remediating cybersecurity risk. It ingests real data from external sources
and your Zscaler environment to generate a detailed profile of your risk
posture.
Answer: Risk360
●● What is used to detect if a SAML assertion was modified after being
issued?
Options:
- XML
- Digital Signatures
- Attributes
- Tokens
Answer: Digital Signatures
●● What are the basic building blocks for DLP.
Answer: Predefined dictionaries, Custom dictionaries, and the Engines
,●● Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment,
Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out,
Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure &
Report, Extended Roll-out
Answer: - Pre-work, Root CA Enrollment, Initial Roll-out, Measure &
Report 5, Extended Roll-out
●● What determines the order of processing for web proxy rules in
Zscaler?
Answer: All rules are processed top-down, first-match.
●● What does the Admin Rank define in Zscaler's Web Proxy Rules
Answer: It specifies which administrators can manage the rule, with
administrators of equal or lower rank able to manage those rules.
●● What are the criteria considered in Zscaler's DLP rules?
,Answer: DLP Engines, Cloud Application information, file type,
minimum size, Users, Groups, Departments, Locations, Location
Groups, Time, and Protocols (HTTP, HTTPS, or native FTP).
●● How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP
Answer: The IdP sends it via the user's browser to the SP
(Uses a form POST submitted via JavaScript)
●● In what way does Zscaler's Identity Proxy enable authentication to
SaaS applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions
Answer: Issuing SAML assertions
, ●● How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database
Answer: SAML, LDAP, Hosted Database
●● How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM
Answer: SAML
●● What is the fastest way to change a user's access entitlements?
Answer: Send different attributes via SCIM
ADMINISTRATOR EXAM PREP QUESTIONS
AND ANSWERS VERIFIED STUDY SHEET
●● A powerful risk quantification and visualization framework for
remediating cybersecurity risk. It ingests real data from external sources
and your Zscaler environment to generate a detailed profile of your risk
posture.
Answer: Risk360
●● What is used to detect if a SAML assertion was modified after being
issued?
Options:
- XML
- Digital Signatures
- Attributes
- Tokens
Answer: Digital Signatures
●● What are the basic building blocks for DLP.
Answer: Predefined dictionaries, Custom dictionaries, and the Engines
,●● Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment,
Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out,
Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure &
Report, Extended Roll-out
Answer: - Pre-work, Root CA Enrollment, Initial Roll-out, Measure &
Report 5, Extended Roll-out
●● What determines the order of processing for web proxy rules in
Zscaler?
Answer: All rules are processed top-down, first-match.
●● What does the Admin Rank define in Zscaler's Web Proxy Rules
Answer: It specifies which administrators can manage the rule, with
administrators of equal or lower rank able to manage those rules.
●● What are the criteria considered in Zscaler's DLP rules?
,Answer: DLP Engines, Cloud Application information, file type,
minimum size, Users, Groups, Departments, Locations, Location
Groups, Time, and Protocols (HTTP, HTTPS, or native FTP).
●● How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP
Answer: The IdP sends it via the user's browser to the SP
(Uses a form POST submitted via JavaScript)
●● In what way does Zscaler's Identity Proxy enable authentication to
SaaS applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions
Answer: Issuing SAML assertions
, ●● How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database
Answer: SAML, LDAP, Hosted Database
●● How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM
Answer: SAML
●● What is the fastest way to change a user's access entitlements?
Answer: Send different attributes via SCIM
