UPDATED QUESTIONS AND ANSWERS RATED A+
✔✔Cloud Path can provide visibility over which paths?
Options:
- Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA
- In tunnels formed over ZIA using ZCC Tunnel 2.0 only
- Mainly tunnels which are running ZPA (mtunnels)
- Direct Internet traffic only, as it is not possible to traceroute via Layer 7 Proxy -
✔✔Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA
✔✔What component of SAML authentication is the Service Provider (SP)? - ✔✔Zscaler
acts as a SAML SP
✔✔What component of SAML authentication is the Identity Provider (IdP)? - ✔✔IdP
examples include: Okta, Ping, AD FS, Azure AD
✔✔What are security assertions? - ✔✔Also known as tokens, they are issued to users
by the IdP and presented to SPs/RPs to confirm authentication. Trust is based on Public
Key Infrastructure (PKI). Assertions may contain:
Authentication, Attribute, or Authorization statements.
✔✔How does SAML authentication work using Zscaler? - ✔✔1. Request Application
2. Redirect to Zscaler SP (ZIA/ZPA)
3. Login Request
4. Redirect to SAML IdP
5. Login to IdP
6. SAML Assertion Identity
7. SAML
8. Auth Token issued
9. Access granted to application
✔✔What functionality does SCIM provide? - ✔✔It supports the addition, deletion, and
updating of users as well as the ability to apply policy based on SCIM user or group
attributes.
✔✔Define a zero trust connection - ✔✔Independent of any network for control or trust.
Zero trust ensures access is granted by never sharing the network between the
originator and the destination application.
✔✔What tunnel methods does ZTunnel 2.0 use? - ✔✔DTLS with a fallback to TLS
✔✔How does ZTunnel 1.0 work? - ✔✔Uses an HTTP CONNECT tunnel. Uses 2 tunnels,
one connecting to ZTE for authentication, enrollment, and passing traffic. The other
tunnel is used for applying policy updates every 60 minutes.
✔✔What does the app profile PAC URL define? - ✔✔The Zero Trust Exchange node to
be used based on the client's geographic IP information.
✔✔What does a forwarding profile PAC do? - ✔✔Steers traffic toward or away from the
Client Connector
✔✔What does an app profile PAC do? - ✔✔Steers traffic toward or away from the
Zscaler Cloud
✔✔How often does Zscaler Client Connector download policy updates
for the app profiles and forwarding profiles? - ✔✔Every hour
✔✔How often will Zscaler Client Connector download the PAC file of the
app profiles and the forwarding profiles? - ✔✔Every 15 minutes
✔✔How do app connectors work? - ✔✔They establish connections through the firewall
to the Zscaler cloud and the Zero Trust Exchange facilitates a reverse connection.
✔✔How are app connectors deployed? - ✔✔A provisioning key is created for each
connector group, which is signed by an intermediate certificate authority, and
the intermediate is trusted by the root CA. Clients are enrolled against a client
intermediate certificate authority.
✔✔What connection methods are used for Zscaler browser access? - ✔✔SSL is always
used for the outside connection, whereas HTTP or HTTPS may be used internally.
✔✔What are features of the Platform Services Suite? - ✔✔TLS Decryption, Policy
Framework, Incident Response/Workflow, Discovery, Device Posture,
Reporting/Logging, Risk Score, Analytics/UEBA, AI/ML, Private Service Edge
✔✔What are features of the Connectivity Services Suite? - ✔✔Browser Access, Client
Connector, Branch Connector, Cloud Connector, SD-WAN/Any Router
✔✔What are features of the Access Control Services Suite? - ✔✔DNS, Firewall,
URL/Web Filtering, App Segmentation, Micro-Segmentation, Tenant Restrictions,
Bandwidth QoS, Private App Access, Adaptive Access
✔✔What are features of the Security Services Cyber Protection Suite? - ✔✔Antivirus,
Adv. Threat Protection, Sandbox, IPS, Deception, WAF, Browser Isolation