ZSCALER EDU 200 EVALUATION TEST UPDATED EXAM
QUESTIONS AND ANSWERS RATED A+
✔✔What are the basic building blocks for DLP. - ✔✔Predefined dictionaries, Custom
dictionaries, and the Engines
✔✔Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5, Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment, Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out, Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure & Report, Extended
Roll-out - ✔✔- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
✔✔What determines the order of processing for web proxy rules in Zscaler? - ✔✔All
rules are processed top-down, first-match.
✔✔What does the Admin Rank define in Zscaler's Web Proxy Rules - ✔✔It specifies
which administrators can manage the rule, with administrators of equal or lower rank
able to manage those rules.
✔✔What are the criteria considered in Zscaler's DLP rules? - ✔✔DLP Engines, Cloud
Application information, file type, minimum size, Users, Groups, Departments,
Locations, Location Groups, Time, and Protocols (HTTP, HTTPS, or native FTP).
✔✔How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP - ✔✔The IdP sends it via the user's
browser to the SP
(Uses a form POST submitted via JavaScript)
✔✔In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions - ✔✔Issuing SAML assertions
,✔✔How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database - ✔✔SAML, LDAP, Hosted Database
✔✔How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM - ✔✔SAML
✔✔What is the fastest way to change a user's access entitlements? - ✔✔Send different
attributes via SCIM
✔✔What are the initial steps in ZPA policy evaluation? - ✔✔The Zscaler Client
Connector connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ✔✔SAML
, ✔✔Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS - ✔✔SSH, RDP
✔✔Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ - ✔✔Isolation, Browser Access, and Inspection
✔✔How often does the Zscaler Client Connector check for software updates?
Options:
- Every 2 hours
- Every 6 hours
- Every 12 hours
- Every 24 hours - ✔✔Every 2 hours
✔✔Which check guarantees identification of a corporate-managed device by the
Zscaler Client Connector? - ✔✔Client Certificate & Non-Exportable private key
✔✔You want Zscaler Client Connector to automatically redirect to your corporate SAML
IDP on launch. Which installer options should you configure to do so? (Select 2) - ✔✔--
cloudName
--userDomain
✔✔Where is the control to prevent a user from exiting Zscaler Client Connector?
Options:
- It's a ZCC Installer option
- In the Forwarding Profile
- In the Application Profile
- Under Administration, Advanced Settings - ✔✔In the Application Profile
✔✔When moving from an Explicit Proxy to a Tunneled/Transparent Proxy - what, if any,
effects will be seen on the client? (Select 3)
Options:
QUESTIONS AND ANSWERS RATED A+
✔✔What are the basic building blocks for DLP. - ✔✔Predefined dictionaries, Custom
dictionaries, and the Engines
✔✔Arrange Five Phase Approach of Deploying TLS Inspection
- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5, Extended Roll-out
- Access Control, Pre-work, Measure & Report, Root CA Enrollment, Extended Roll-out
- Hardcoded Certificate, Pre-work, Measure & Report, Initial Roll-out, Extended Roll-out
- Strict Reinforcement, Root CA Enrollment Pre-work, Measure & Report, Extended
Roll-out - ✔✔- Pre-work, Root CA Enrollment, Initial Roll-out, Measure & Report 5,
Extended Roll-out
✔✔What determines the order of processing for web proxy rules in Zscaler? - ✔✔All
rules are processed top-down, first-match.
✔✔What does the Admin Rank define in Zscaler's Web Proxy Rules - ✔✔It specifies
which administrators can manage the rule, with administrators of equal or lower rank
able to manage those rules.
✔✔What are the criteria considered in Zscaler's DLP rules? - ✔✔DLP Engines, Cloud
Application information, file type, minimum size, Users, Groups, Departments,
Locations, Location Groups, Time, and Protocols (HTTP, HTTPS, or native FTP).
✔✔How is a SAML assertion delivered to Zscaler?
Options:
- The IdP sends it via an HTTP post directly to the SP via a backend API
- The SP sends it via an HTTP post directly to the IdP via a backend API
- The IdP sends it via the user's browser to the SP
- The SP sends it via a trusted authority to the IdP - ✔✔The IdP sends it via the user's
browser to the SP
(Uses a form POST submitted via JavaScript)
✔✔In what way does Zscaler's Identity Proxy enable authentication to SaaS
applications?
Options:
- Injecting identity headers into the HTTP request
- SSL Inspection
- Browser Isolation
- Issuing SAML assertions - ✔✔Issuing SAML assertions
,✔✔How does Zscaler Internet Access authenticate users? (Select 3)
Options:
- SAML
- SCIM
- LDAP
- Hosted Database - ✔✔SAML, LDAP, Hosted Database
✔✔How does Zscaler Private Access authenticate end users?
Options:
- Username and Password in a form-based auth
- Hosted DB
- SAML
- SCIM - ✔✔SAML
✔✔What is the fastest way to change a user's access entitlements? - ✔✔Send different
attributes via SCIM
✔✔What are the initial steps in ZPA policy evaluation? - ✔✔The Zscaler Client
Connector connects to the ZPA Public or Private Service Edge, evaluates SAML/SCIM
attributes and device posture, and establishes a Client Forwarding policy.
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔The Zscaler Client Connector connects to the ZPA Public or Private Service Edge,
evaluates SAML/SCIM attributes and device posture, and establishes a Client
Forwarding policy. - ✔✔The Zscaler Client Connector connects to the ZPA Public or
Private Service Edge, evaluates SAML/SCIM attributes and device posture, and
establishes a Client Forwarding policy.
✔✔In order for Zscaler to enforce policy based on accessing devices, what method is
best used by IdPs to share information about a user's accessing device?
Options
- Kerberos
- SAML
- Header Injection
- Mobile Device Management - ✔✔SAML
, ✔✔Privileged Remote Access supports which protocols? (Select 2)
Options:
- SSH
- RDP
- CIFS
- HTTP/HTTPS - ✔✔SSH, RDP
✔✔Which services can coexist on an Application Segment?
Options:
- Isolation, Browser Access, and Inspection
- RDP, SSH, and Inspection
- Inspection, Isolation, and RDP
- CIFS, RDP, and SSJ - ✔✔Isolation, Browser Access, and Inspection
✔✔How often does the Zscaler Client Connector check for software updates?
Options:
- Every 2 hours
- Every 6 hours
- Every 12 hours
- Every 24 hours - ✔✔Every 2 hours
✔✔Which check guarantees identification of a corporate-managed device by the
Zscaler Client Connector? - ✔✔Client Certificate & Non-Exportable private key
✔✔You want Zscaler Client Connector to automatically redirect to your corporate SAML
IDP on launch. Which installer options should you configure to do so? (Select 2) - ✔✔--
cloudName
--userDomain
✔✔Where is the control to prevent a user from exiting Zscaler Client Connector?
Options:
- It's a ZCC Installer option
- In the Forwarding Profile
- In the Application Profile
- Under Administration, Advanced Settings - ✔✔In the Application Profile
✔✔When moving from an Explicit Proxy to a Tunneled/Transparent Proxy - what, if any,
effects will be seen on the client? (Select 3)
Options:
