ZSCALER EDU 200 CORE EXAM SET UPDATED EXAM
QUESTIONS AND ANSWERS RATED A+
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ✔✔SAML
✔✔Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS - ✔✔SSH, RDP
✔✔Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ - ✔✔Isolation, Browser Access, and Inspection
✔✔How often does the Zscaler Client Connector check for software updates?
Options:
- Every 2 hours
- Every 6 hours
- Every 12 hours
- Every 24 hours - ✔✔Every 2 hours
✔✔Which check guarantees identification of a corporate-managed device by the
Zscaler Client Connector? - ✔✔Client Certificate & Non-Exportable private key
,✔✔You want Zscaler Client Connector to automatically redirect to your corporate SAML
IDP on launch. Which installer options should you configure to do so? (Select 2) - ✔✔--
cloudName
--userDomain
✔✔Where is the control to prevent a user from exiting Zscaler Client Connector?
Options:
- It's a ZCC Installer option
- In the Forwarding Profile
- In the Application Profile
- Under Administration, Advanced Settings - ✔✔In the Application Profile
✔✔When moving from an Explicit Proxy to a Tunneled/Transparent Proxy - what, if any,
effects will be seen on the client? (Select 3)
Options:
- No Effect
- The client will always resolve DNS
- The client browser needs re-configuration
- Authenticated websites may no longer work
- An Explicit Proxy and a Transparent Proxy are the same thing - ✔✔The client will
always resolve DNS
The client browser needs re-configuration
Authenticated websites may no longer work
✔✔What benefits does a Zscaler Tunnel have over other forwarding mechanisms for
Zscaler Client Connector?
Options:
- Tunnels are the only mechanism to install ZCC
- Tunnels enable only HTTP and HTTPS traffic to be forwarded by ZCC
- Tunnels enable Zscaler to control the end user device
- Tunnels encapsulate traffic and authenticate to the Zero Trust Exchange - ✔✔Tunnels
encapsulate traffic and authenticate to the Zero Trust Exchange
✔✔Browser Based Access enables what kinds of applications to be published?
Options:
- HTTP and HTTPS
- RDP and SSH
- Telnet and RDP
- HTTP, HTTPS, and SSH - ✔✔HTTP and HTTPS
, ✔✔Why is Z-Tunnel 2.0 superior to Z-Tunnel 1.0? (Select 3)
Options:
- Provides a control channel to update device
- Faster transport mechanism
- Allows multicast traffic
- Enables Cloud Firewall
- Z-Tunnel 1.0 is no longer supported - ✔✔Provides a control channel to update device
Faster transport mechanism
Enables Cloud Firewall
✔✔What conditions exist for Trusted Network Detection?
Options:
- Hostname Resolution, Network Adaptor IP, Default Gateway
- Hostname Resolution, DNS Servers, Geo Location
- DNS Search Domain, DNS Server, Configure FQDN/IP, Set Condition Match
- DNS Servers, DNS Search Domain, Network Adaptor IP - ✔✔DNS Search Domain,
DNS Server, Configure FQDN/IP, Set Condition Match
✔✔A server group maps _____ to ____?
Options:
- App Connectors Groups to Application Segments
- Applications to FQDNS
- FQDNs to IP Addresses
- Applications to Application Groups - ✔✔App Connectors Groups to Application
Segments
✔✔Why is SSL/TLS inspection critical in a security architecture?
Options:
- It is not important
- QUIC is an encrypted protocol that rides on SSL; hence, it is important from an
HTTP/3 inspection perspective
- 85-90% of all internet traffic is SSL/TLS encrypted (including threats), as protocols
such as HTTP/2 are only delivered over TLS; SSL/TLS inspection allows you to inspect
the connection and look at the full payload, including HTTP headers, which is important
to be able to block malicious traffic and prevent sensitive data from leaking out of an
organization
- A MITM (man-in-the-middle) attack should always be performed, even for certificate-
pinned applications, as it allows for real-time visibility and storing transactions in plain
text for further inspection by a third auditing party - ✔✔85-90% of all internet traffic is
SSL/TLS encrypted (including threats), as protocols such as HTTP/2 are only delivered
over TLS; SSL/TLS inspection allows you to inspect the connection and look at the full
QUESTIONS AND ANSWERS RATED A+
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ✔✔SAML
✔✔Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS - ✔✔SSH, RDP
✔✔Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ - ✔✔Isolation, Browser Access, and Inspection
✔✔How often does the Zscaler Client Connector check for software updates?
Options:
- Every 2 hours
- Every 6 hours
- Every 12 hours
- Every 24 hours - ✔✔Every 2 hours
✔✔Which check guarantees identification of a corporate-managed device by the
Zscaler Client Connector? - ✔✔Client Certificate & Non-Exportable private key
,✔✔You want Zscaler Client Connector to automatically redirect to your corporate SAML
IDP on launch. Which installer options should you configure to do so? (Select 2) - ✔✔--
cloudName
--userDomain
✔✔Where is the control to prevent a user from exiting Zscaler Client Connector?
Options:
- It's a ZCC Installer option
- In the Forwarding Profile
- In the Application Profile
- Under Administration, Advanced Settings - ✔✔In the Application Profile
✔✔When moving from an Explicit Proxy to a Tunneled/Transparent Proxy - what, if any,
effects will be seen on the client? (Select 3)
Options:
- No Effect
- The client will always resolve DNS
- The client browser needs re-configuration
- Authenticated websites may no longer work
- An Explicit Proxy and a Transparent Proxy are the same thing - ✔✔The client will
always resolve DNS
The client browser needs re-configuration
Authenticated websites may no longer work
✔✔What benefits does a Zscaler Tunnel have over other forwarding mechanisms for
Zscaler Client Connector?
Options:
- Tunnels are the only mechanism to install ZCC
- Tunnels enable only HTTP and HTTPS traffic to be forwarded by ZCC
- Tunnels enable Zscaler to control the end user device
- Tunnels encapsulate traffic and authenticate to the Zero Trust Exchange - ✔✔Tunnels
encapsulate traffic and authenticate to the Zero Trust Exchange
✔✔Browser Based Access enables what kinds of applications to be published?
Options:
- HTTP and HTTPS
- RDP and SSH
- Telnet and RDP
- HTTP, HTTPS, and SSH - ✔✔HTTP and HTTPS
, ✔✔Why is Z-Tunnel 2.0 superior to Z-Tunnel 1.0? (Select 3)
Options:
- Provides a control channel to update device
- Faster transport mechanism
- Allows multicast traffic
- Enables Cloud Firewall
- Z-Tunnel 1.0 is no longer supported - ✔✔Provides a control channel to update device
Faster transport mechanism
Enables Cloud Firewall
✔✔What conditions exist for Trusted Network Detection?
Options:
- Hostname Resolution, Network Adaptor IP, Default Gateway
- Hostname Resolution, DNS Servers, Geo Location
- DNS Search Domain, DNS Server, Configure FQDN/IP, Set Condition Match
- DNS Servers, DNS Search Domain, Network Adaptor IP - ✔✔DNS Search Domain,
DNS Server, Configure FQDN/IP, Set Condition Match
✔✔A server group maps _____ to ____?
Options:
- App Connectors Groups to Application Segments
- Applications to FQDNS
- FQDNs to IP Addresses
- Applications to Application Groups - ✔✔App Connectors Groups to Application
Segments
✔✔Why is SSL/TLS inspection critical in a security architecture?
Options:
- It is not important
- QUIC is an encrypted protocol that rides on SSL; hence, it is important from an
HTTP/3 inspection perspective
- 85-90% of all internet traffic is SSL/TLS encrypted (including threats), as protocols
such as HTTP/2 are only delivered over TLS; SSL/TLS inspection allows you to inspect
the connection and look at the full payload, including HTTP headers, which is important
to be able to block malicious traffic and prevent sensitive data from leaking out of an
organization
- A MITM (man-in-the-middle) attack should always be performed, even for certificate-
pinned applications, as it allows for real-time visibility and storing transactions in plain
text for further inspection by a third auditing party - ✔✔85-90% of all internet traffic is
SSL/TLS encrypted (including threats), as protocols such as HTTP/2 are only delivered
over TLS; SSL/TLS inspection allows you to inspect the connection and look at the full
