Zscaler EDU 200 Essentials ZDTA Study Set
Final Review Questions and Answers
(2026/2027) | Structured Study Resource |
Verified | A+
• What are the basic building blocks for DLP. -✓✓Predefined dictionaries,
Custom dictionaries, and the Engines
• Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5, Extended
Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment, Extended
Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out, Extended
Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure & Report,
Extended Roll-out -✓✓- Pre-work, Root CA Enrollment, Initial Roll-out, Measure
& Report 5, Extended Roll-out
• What determines the order of processing for web proxy rules in Zscaler? -✓✓All
rules are processed top-down, first-match.
• What does the Admin Rank define in Zscaler's Web Proxy Rules -✓✓It specifies
which administrators can manage the rule, with administrators of equal or lower
rank able to manage those rules.
• What are the criteria considered in Zscaler's DLP rules? -✓✓DLP Engines,
Cloud Application information, file type, minimum size, Users, Groups,
Departments, Locations, Location Groups, Time, and Protocols (HTTP, HTTPS, or
native FTP).
• How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
,- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP -✓✓The IdP sends it via the
user's browser to the SP
(Uses a form POST submitted via JavaScript)
• In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions -✓✓Issuing SAML assertions
• How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database -✓✓SAML, LDAP, Hosted Database
• How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM -✓✓SAML
• What is the fastest way to change a user's access entitlements? -✓✓Send
different attributes via SCIM
• What are the initial steps in ZPA policy evaluation? -✓✓The Zscaler Client
Connector connects to the ZPA Public or Private Service Edge, evaluates
SAML/SCIM attributes and device posture, and establishes a Client Forwarding
policy.
, • The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes a
Client Forwarding policy. -✓✓The Zscaler Client Connector connects to the ZPA
Public or Private Service Edge, evaluates SAML/SCIM attributes and device
posture, and establishes a Client Forwarding policy.
• The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes a
Client Forwarding policy. -✓✓The Zscaler Client Connector connects to the ZPA
Public or Private Service Edge, evaluates SAML/SCIM attributes and device
posture, and establishes a Client Forwarding policy.
• In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management -✓✓SAML
• Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS -✓✓SSH, RDP
• Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ -✓✓Isolation, Browser Access, and Inspection
• How often does the Zscaler Client Connector check for software updates?
Final Review Questions and Answers
(2026/2027) | Structured Study Resource |
Verified | A+
• What are the basic building blocks for DLP. -✓✓Predefined dictionaries,
Custom dictionaries, and the Engines
• Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5, Extended
Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment, Extended
Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out, Extended
Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure & Report,
Extended Roll-out -✓✓- Pre-work, Root CA Enrollment, Initial Roll-out, Measure
& Report 5, Extended Roll-out
• What determines the order of processing for web proxy rules in Zscaler? -✓✓All
rules are processed top-down, first-match.
• What does the Admin Rank define in Zscaler's Web Proxy Rules -✓✓It specifies
which administrators can manage the rule, with administrators of equal or lower
rank able to manage those rules.
• What are the criteria considered in Zscaler's DLP rules? -✓✓DLP Engines,
Cloud Application information, file type, minimum size, Users, Groups,
Departments, Locations, Location Groups, Time, and Protocols (HTTP, HTTPS, or
native FTP).
• How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
,- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP -✓✓The IdP sends it via the
user's browser to the SP
(Uses a form POST submitted via JavaScript)
• In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions -✓✓Issuing SAML assertions
• How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database -✓✓SAML, LDAP, Hosted Database
• How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM -✓✓SAML
• What is the fastest way to change a user's access entitlements? -✓✓Send
different attributes via SCIM
• What are the initial steps in ZPA policy evaluation? -✓✓The Zscaler Client
Connector connects to the ZPA Public or Private Service Edge, evaluates
SAML/SCIM attributes and device posture, and establishes a Client Forwarding
policy.
, • The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes a
Client Forwarding policy. -✓✓The Zscaler Client Connector connects to the ZPA
Public or Private Service Edge, evaluates SAML/SCIM attributes and device
posture, and establishes a Client Forwarding policy.
• The Zscaler Client Connector connects to the ZPA Public or Private Service
Edge, evaluates SAML/SCIM attributes and device posture, and establishes a
Client Forwarding policy. -✓✓The Zscaler Client Connector connects to the ZPA
Public or Private Service Edge, evaluates SAML/SCIM attributes and device
posture, and establishes a Client Forwarding policy.
• In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management -✓✓SAML
• Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS -✓✓SSH, RDP
• Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ -✓✓Isolation, Browser Access, and Inspection
• How often does the Zscaler Client Connector check for software updates?
