Exam 202 (PDF) - CliffsNotes

Uploaded by

chilinkwong
Exam 202 .pdf

School: Jaipur National University*
Course: IT ZIA
Subject: Information Systems
Date: May 18, 2024
Pages: 13
*We aren't endorsed by this school

Uploaded by MateRain14038


You have passed the test!
65 of 65 questions answered

Your score: 55 of 65 Correct (84%)
Elapsed time: 56 minutes

Question 1:  Correct answer
What are the different Alerting Criteria available in ZDX?

 Application, Device, Network, and ZDX Score
 Device, Protocol, User Experience, and Web Probe
 Web Probe, Cloud Path Probes, DNS, and TCP Timeout
 CPU, DNS, ZDX Score, and RUM

Question 2:  Incorrect answer


Where must NAT occur to have the client IP address be visible within a GRE tunnel through a firewall
Zero Trust Exchange?

 After traffic comes into the router.


 Before traffic comes into the router.
 On a cloud connector VM before the router.
 On the Zscaler Client Connector.

Question 3:  Correct answer
What is Zscaler's main platform called?

 The Zero Trust Exchange
 The Secure In-Line E-mail Proxy
 The Next-Gen Firewall
 Cloud-Based Management

Question 4:  Correct answer
What is the best practice for a cloud-gen firewall in terms of having default rules?

 Allow everything even risky ports and protocols.
 Block all, and start allowing what your users need to access.
 Allow all, with certain exceptions for specific ports and protocols (e.g. port 22, SSH).
 Block ICMP packets.

Question 5:  Correct answer


The two main goals for out-of-band CASB are: (Select two).

 Preventing data loss


 Dealing with known and unknown threats
 Allowing users access to your data outside of your network
 Allowing 3rd party access

Question 6:  Correct answer


What is one of the benefits of using Tenancy Restrictions?

 Different profiles can be provided for Employees vs contractors to provide different levels of ac
certain Cloud Applications
 Tenancy Restrictions permit full access to anyone logged in via Client Connector.
 Tenancy Restrictions ensures that employees do not access websites that are not deemed safe.
 Tenancy Restrictions utilizes Advanced Firewall policies to dictate traffic flows.
Question 7:  Correct answer
How many Virtual Service Edge's can exist within one cluster?

 4
 8
 16
 32

Question 8:  Incorrect answer


Source IP Anchoring provides what functionalities? (Select 3)

 All traffic is processed by the Private Internet Service Edge in the customer data center.
 Policy based forwarding through the App Connector.
 Content scanned by the Zero Trust Exchange.
 Public IP of the App Connector.
 App Connector scans content against the DLP Engine.

Question 9:  Incorrect answer


SIPA is supported on web and non-web applications.

 True
 False

Question 10:  Correct answer


IPSec Tunnels should always be deployed in pairs for redundancy.

 True
 False

Question 11:  Correct answer
Zscaler incident management end-user notifications can be delivered in which form?

 Browser, Slack, Teams, and Client Connector pop-up
 Browser, Slack, Teams, and email
 email, Slack, Browser, and SMS text
 SMS text and email

Question 12:  Correct answer
Customers can bring their own custom signatures to create custom IPS rules as a part of Zscaler's c
firewall functionality.

 True
 False

Question 13:  Correct answer
What firewall rules are required for Private Access Service Edge to function?

 Inbound and outbound, all TCP/UDP.
 Inbound all TCP/UDP, Outbound 443 TCP/UDP.
Inbound
Inbound DNS,
TCP/443,
Outbound
TCP/22,
TCP/443,
Inbound Outbound
TCP/443, Inbound
DNS. UDP/443, Outbound all TCP/UDP.

Question 14:  Correct answer
You have data centers in New York, San Francisco, London, and Hong Kong. Each data center hosts
applications, and all have internet connectivity. What is the MINIMUM number of App Connectors yo
deploy for production?

 4 - one per DC.
 6 - one per DC, plus 2 for cold standby
 8 - 2 per DC
 16 - 4 DC's and each requires a connector to build a mesh to the other DC's

Question 15:  Correct answer


Which DLP tool allows administrators to see how risky an application is?

 Risk Score
 Risk Aversion Policy
 RISK avoidance engine
 IDM

Question 16:  Correct answer
How can the Administrator receive violation notifications? (choose 3).

 email
 Secure ICAP
 Stream logs to SIEM
 SMS text message

Question 17:  Correct answer
The goal of Zscaler Identity Proxy is to prevent users from accessing your Cloud Applications unless
accessing them via Zscaler.

 False
 True

Question 18:  Correct answer
Which functions does the Central Authority provide? (Select 3)

 Policy Management.
 Authentication.
 Logging of traffic.
 Terminates Private Access Connections.
 Node Selection.

Question 19:  Correct answer


Browser Isolation can be used with both ZIA and ZPA.

 True
 False

Question 20:  Correct answer


Which of the ZDX functionalities leverages Machine Learning to assist with Automated Root Cause A

 AI Ops Function
 AutoRCA

 ChatZDX
 Y-Engine

Question 21:  Correct answer
GRE Tunnels should always be deployed in pairs for redundancy.

True
 False

Question 22:  Correct answer
What additional infrastructure is required to enable Zscaler Deception?

 None. Only Zscaler Client Connector is needed
Physical Honeypot servers
 Physical fake Active Directory Servers
 Servers with intentionally weak passwords

Question 23:  Correct answer


ZDX Deep Tracing can be leveraged to get granular data on demand from a user's device How granu
the probing frequency get?

 1 minute
 5 minutes
 3 minutes
 2 minutes

Question 24:  Correct answer


To ensure Zero Trust, users should not be connected to _____________, but to the application.

 each other
 an AWS server
 a DMZ
 the network

Question 25:  Correct answer


Which tunnel provides higher throughput?

 GRE Tunnel
 IPSec Tunnel

Question 26:  Correct answer


Why would you deploy a ZPA Private Service Edge? (Select 3).

 A Private Access Service Edge is required in all deployments


 Disaster Recovery
 Consistent User Experience
 Prevent Lateral Movement on a trusted campus network

Question 27:  Incorrect answer


Which TCP port is automatically selected for a Cloud Path probe set with Adaptive as the protocol fo
a custom app?

 80
 Same as the port configured for the host URL in the Web Probe that it follows
 443
 None - ICMP will be automatically selected

Question 28:  Correct answer
Which of the following is true about Zscaler APIs? (Select 2)

 Zscaler does not provide any APIs.
 Zscaler APIs are used for Partner integrations.
 Zscaler APIs are used for customers to update policy.
 Zscaler APIs are only accessible to advanced licensed customers.
 Zscaler APIs are rate limited to 5 transactions per minute.

Question 29:  Correct answer
LDAP can synchronize which of the following? (Select 3).

 User
 Group
 Department
 Device Type

Question 30:  Incorrect answer
SSL Inspection is required when using Identity Proxy.

 True
 False

Question 31:  Incorrect answer
Which traffic path optimizations exist for Zscaler data centers? (Select 3)

 Zscaler peers with Tier 1 Transit Providers.
Zscaler has an open peering policy through Internet Exchanges.
 Zscaler peers with content providers and ISPs.
 Zscaler runs cross connects directly to third-parties.
 Zscaler updates BGP across internet to optimize traffic.

Question 32:  Correct answer
How are Private Service Edge's managed?

 Zscaler manages Private Service Edge's even though they are deployed in the customers data c
 The customer manages the Private Service Edge including software updates.
 They are unmanaged devices.
 The end user manages Private Service Edge's.

Question 33:  Correct answer
Which use cases can Zscaler's Deception technology help stop? (Select 2).

 Disrupt stealthy attacks from malicious insiders
 Detect compromised users
 Stop AI based attacks
 Segmenting the network with Air-gaps

Question 34:  Correct answer
What technology can help in protecting users from websites running never seen before malicious jav

 Modern browsers like google chrome can block any malicious active content on any website.
 Browser Isolation can be used to safely render websites through a pixelated stream eliminating
malicious javascript from executing.
 Browsing websites using a CLI and telnet command can be an effective way to protect from mal
javascript.
 Blocking URL categories like NOD & NRD can be enough to protect as legitimate popular website
never run malicious javascript.

Question 35:  Correct answer
Why is DNS Security important?

 Attackers are increasingly using sophisticated methods like newly registered domains or levera
TXT/RR records of DNS to send encrypted information over a command and control channel.
 With more reliance on publicly discovered DNS resolvers on the open Internet (e.g. Google at 8.8
probability of compromise is higher as many of these resolvers use open-source technologies.
 Iterative DNS platforms tend to use next-gen firewalls, which by default have an allow access po
UDP port 53.
 When using local DNS servers on the LAN, one must assume compromise due to the complexity
managing hundreds of thousands of DNS servers in a distributed environment.

Question 36:  Correct answer
What is the "Cloud Effect" as it pertains to Cloud Sandbox?

 The MD5 hash of a file deemed malicious from Sandbox or threat feeds is uploaded to the cloud
time any customer sees the same file it will be blocked.
 File that has never been seen before is detonated in the Sandbox
 This is a URL filtering function
 Occurs between the "Pre-Filtering" and "Behavioral Analysis" stages of Sandbox

Question 37:  Correct answer
What is the function of the auto proxy forwarding firewall configuration?

 Automatically forwarding traffic from all ports and protocols to Zscaler's proxy.
 Automatically detecting web traffic (e.g. FTP, HTTPS) coming in on non-standard ports and forw
to Zscaler's proxy.
 Blocking traffic destined for a web proxy.
 Turning the firewall into a makeshift proxy, in case the Zscaler cloud is down.

Question 38:  Incorrect answer
An application needs to only be accessed by corporate devices. What options could be used to cont
access? (Select 2)

 It is not possible to differentiate a corporate device from a personal device.
Corporate Devices need to be registered with Zscaler during enrollment.
 Device Posture Check for Certificates and Active Directory.
 SAML Attributes can include device trust.
 SCIM Synchronization of devices enrolled in the Active Directory.

Question 39:  Correct answer


What are the two main use cases from Browser Isolation? (Select 2)

 Browser Isolation for Cyber Security


 Browser Isolation for Data/App Protection
 Browser Isolation for improved video streaming
 Browser Isolation for productivity loss

Question 40:  Correct answer


Why is it important to use IPS to look at traffic on non-standard ports?

 It is common for attackers to sometimes use non-standard ports for well known applications - e
running a web server on port 8999.
 Non-standard ports are inherently easier to program web applications for.
 Firewalls cannot detect traffic on non-standard ports.
 Zscaler itself operates on non-standard ports, which has led to a shift in the industry to move tow
non-standard ports.

Question 41:  Correct answer


What is the main benefit of DLP Parallel Processing?

 Provides extreme flexibility and granularity of DLP policy by not stopping processing at the firs
match
 Faster policy processing by sending multiple copies of the transactions to all DLP policies simult
 It works the same as traditional firewalls
Can combine actions of other types of policies and DLP policies to affect the outcome

Question 42:  Correct answer


Which types of Private Service Edges are available? (Select 2).

 ZIA Private Service Edge


 ZPA Private Service Edge
 O365 Service Edge
 DLP Service Edge

Question 43:  Correct answer


Zscaler Incident Management integrates with Service Now.

 True
 False

Question 44:  Correct answer


Zscaler Deception works by placing decoys and fake information, or lures, to trick bad actors into ac
them.

 True
 False
Question 45:  Correct answer
What role does the Zscaler Identity Proxy play, in enabling access control through Zscaler, to a cloud
application?

 Acting as a web proxy that intercepts and inspects all cloud application authentication requests.
 Ensure that the user is already signed into Zscaler before they are allowed to attempt to access
application.
 Synchronizing the user identity and attributes between the Zscaler IdP and the cloud application I
 Acting as the source IP for a cloud application that provides restricted access by IP.

Question 46:  Correct answer
How do you troubleshoot enrolment and authentication issues? (Select 3).

 Take a packet capture
 Take a Header trace from your browser
 Use SAML tracer tools
Validate SAML data with Zscaler error codes in the help portal

Question 47:  Correct answer
IDM (Indexed Document Match) allows organizations to do which of the following?

 Protect their unstructured data, e.g. files such as PDFs or other word documents.
 Create index cards with lists of important documents.
 Upload data to an ICAP incident receiver.
 Debate the merits of scanning PII, which may or may not be a concern for Workers' councils.

Question 48:  Correct answer


What is the main use case for Browser Isolation?

 Protecting sensitive data when using BYOD and unmanaged assets


 Completely blocking unauthorized devices from corporate applications.
 Isolate browser memory usage from the rest of the operating system
 Prevent users from browsing to unauthorized applications

Question 49:  Correct answer
Which tunnel types does Zscaler support between a router and a Zscaler data center? (Select 2).

 GRE Tunnel
 IPSec Tunnel
 IPv6 tunnel
 Tunnel 2.0

Question 50:  Correct answer
How do most major security breaches begin?

 Triple extortion driven by ransomware - where not only are you and your clients blackmailed, but y
clients' clients are blackmailed
 Lock-picking
 A "ghost in the machine" scenario
 An attacker finding your attack surface

Question 51:  Correct answer
How does Zscaler implement DNS to optimize the path to internet applications?

 Relying on third party DNS solutions like Google (8.8.8.8) or Cloudflare (1.1.1.1).
 Zscaler's built-in DNS resolvers at 150 data centers globally, which intercept DNS requests and
recursive DNS resolution for identifying low-latency paths to the end destination or SaaS applicatio
 Iterative DNS functionality, leveraged by hairpinning traffic to an on-prem DNS server located at Z
HQ in San Jose.
 Open source VMs that a customer can deploy on-prem for local DNS resolution within the LAN.

Question 52:  Correct answer
What are the two probe types that are configured while configuring an application in the ZDX Admin
portal?

 HTML and Network Probes
 MTR and HTTP POST Probes
 Web Probe and Cloudpath Probes
 Traceroute Probe and Network Auth Probes

Question 53:  Incorrect answer
When configuring Identity Proxy where is the Identity Proxy URL configured?

 The Cloud application
 In Zscaler
 The user device
User
The Zscaler
SAML DM

Question 54:  Correct answer
Assume users are being blocked from a website despite policies being correct. You discover that the
however, has a high Risk Score causing the block. What should you do if you determine that users sh
have access?

 Lower your Page Risk Index Threshold
 Add a URL exception for that site under Advanced Threat Protection security exceptions
 Create a SSL Inspection policy for that site with the Action set to 'Do Not Inspect'
 Disable Advanced Threat Protection

Question 55:  Correct answer
How are logs stored in Zscaler Internet Access?

 Logs are stored in clear text.


 Logs are stored against bitmaps of identifiers, user objects are tokenized and stored in encrypt
storage in Zscaler hub data centers.
 Logs are tokenized and stored in AWS S3.
 Logs are streamed directly to customer SIEMS.

Question 56:  Incorrect answer


What is the main goal of DLP violation notification?

 Educate the end user on risky behavior


 Block data exfiltration
 Notify the Administrator
 Flag employee for termination

Question 57:  Correct answer
Sensitive data can effectively be protected from BYOD via:

 Zscaler Isolation Proxy & Browser Isolation
 By asking employees to promise not to download sensitive data
 By taking screenshots of an employee's device
 By placing a reverse proxy in front of a forward proxy

Question 58:  Correct answer
What is the main benefit of a physical Private Service Edge over a virtual Private Service Edge?

 Higher throughput
 More rapid deployment
 They are customer managed
 They are multi-tenant

Question 59:  Correct answer


What options exist to process traffic in China? (Select 2)

 None - Zscaler does not operate in China.
 Tunnel all traffic outside China to Hong Kong.
 Use Zscaler data centers in China.
 Use Zscaler Premium Access to access China DC's and DC's outside China as appropriate.

Question 60:  Correct answer
SSL inspection is important in order to see:

 Through ethernet cables, similar to X-ray vision but applied in an ethernet frame context
 The difference between a TLS1.0 and TLS1.1 connection, which can be the key to inspecting for d
 Delineating between IPv4 and IPv6 traffic
 What's good and what's bad inside a connection, since most connections are encrypted, in order
understand if there is any malware coming in and/or if there's any sensitive data leaking out

Question 61:  Correct answer
What is an Application Segment? (Select 3).

 A mechanism to append DNS Suffixes to short names
 A list of FQDNs or IP Addresses
 A list of TCP or UDP Ports
 A wildcard domain

Question 62:  Incorrect answer
You can operationalize ZDX Alerting by feeding the alerts into your existing tools using: (Select 2).

 API
 Email
 SMTP
Webhooks

Question 63:  Correct answer
What does the SSMA (Single Scan Multi Action) function provide Zscaler?

 Super Scan Managed Action enables managed policies pushed through API's.
 Single Scan Multi Action enables multiple engines to act on a payload at once, providing greate
scalability.
 Server Scan Multiprocessor API allows for API based policy control.
 Server Scan More Action function allows load sharing across Zscaler Enforcement Nodes.

Question 64:  Correct answer


When troubleshooting a connectivity issue where the user is connecting to a sub-optimal Zscaler da
what items can you check? (Select 3).

 GeoIP information of the client


 Check if the client IP hardcoded with the wrong IP (hence incorrect GeoIP) or via DHCP
 Check PAC file (if used) and look at the $ (GATEWAY) statement
 Check the ip config on the user device for the correct Default Gateway

Question 65:  Correct answer


Which two items most accurately describe Zero Trust connections? (Select 2).

 They are independent of any network for control or trust.
 Access is granted by never sharing the network between the originator and the destination app
 Access is granted by always sharing the network between the originator and the destination app
 Users derive access by their device privilege.