A.  

URL Filter is the most commonly used web filtering technique in the arsenal. It acts as first line of defense.

B.  

In a modern cloud world, access to all Internet sites and cloud applications should be granted by default. URL Filtering is no longer needed.

C.  

URL Filtering has been replaced by CASB functionality through blocking access to all Internet sites and only allowing a few corporate applications.

D.  

URL Filtering is outdated and no longer needed. The rise of HTTPS leads renders URL Filtering ineffective as all traffic is encrypted.

A.  

Spyware Callback

B.  

Botnet Protection

C.  

Blocked Countries

D.  

Browser Exploits

A.  

Out-of-band CASB

B.  

Cloud application control

C.  

URL filtering with SSL inspection

D.  

Endpoint DLP

A.  

Email Notification Template

B.  

NSS Log Forwarding to SIEM

C.  

SMS Text Message via PagerDuty

D.  

Zscaler Client Connector pop-up message

A.  

Execute a GPO update to retrieve the proxy settings from AD.

B.  

Enforce no Proxy Configuration.

C.  

Use Web Proxy Auto Discovery (WPAD) to auto-configure the proxy.

D.  

Use an automatic configuration script (forwarding PAC file).

A.  

Email is the only method for notifications as that is universally applicable and no other way of sending them makes sense.

B.  

In addition to email, text messages can be sent directly to one cell phone to alert the CISO who is then coordinating the work on the incident.

C.  

Leading ITSM systems can be connected to the Zero Trust Exchange using a NSS server, which will then connect to ITSM tools and forwards the alert.

D.  

In addition to email, notifications, based on Alert Rules, can be shared with leading ITSM or UCAAS tools over Webhooks.

A.  

Policy Framework

B.  

TLS Decryption

C.  

Reporting and Logging

D.  

Device Posture

A.  

Malware protection

B.  

File reputation

C.  

SHA-256 hashing

D.  

Site reputation

A.  

Enforced PAC mode

B.  

ZTunnel - Packet Filter Based

C.  

ZTunnel with Local Proxy

D.  

ZTunnel - Route Based

A.  

DNS Server, DHCP Server and Hostname/IP

B.  

DHCP Server, DNS Search Domain and Hostname/IP

C.  

Hostname/IP, DNS Server and DNS Search Domain

D.  

Hostname/IP, DNS Search Domain and DHCP Server

A.  

Watering Hole Attack

B.  

Pre-existing Compromise

C.  

Phishing Attack

D.  

Exploit Kits

A.  

Connect, Get, Head

B.  

Options, Delete, Put

C.  

Get, Delete, Trace

D.  

Connect, Post, Put

A.  

Page Fetch Time Probe and Cloud Path Probe

B.  

Web Probe and Page Fetch Time Probe

C.  

Page Fetch Time Probe and Server Response time Probe

D.  

Web Probe and Cloud Path Probe

A.  

Antivirus

B.  

Tenant Restrictions

C.  

Web Filtering

D.  

TLS Inspection

A.  

Destination NAT

B.  

FQDN Filtering with wildcard

C.  

DNS Dashboards, Insights and Logs

D.  

DNS Tunnel and DNS Application Control

A.  

They could look at SSL logs for a failed client handshake.

B.  

They could reboot the endpoint device.

C.  

They could inspect the ZIA Web Policy.

D.  

They could look into the SaaS application analytics tab.

A.  

Malware downloads from web pages

B.  

Personal emails, company documents, OneDrive

C.  

Spam, exploit kits, USB drives, video streaming

D.  

Phishing, Exploit Kits, Watering Holes, Pre-existing Compromise

A.  

Agentless plug-in installed on endpoints, such as desktops or laptops on a network. These plug-ins deploy decoy credentials, files, processes, and lures to other decoys at endpoints.

B.  

Software agent installed on a centralized server in datacenter or in cloud. The agents running in the server deploy decoy credentials, files, processes, and lures to other decoys at endpoints.

C.  

Software agent installed on endpoints, such as desktops or laptops on a network. These agents deploy decoy credentials, files, processes, and lures to other decoys at endpoints.

D.  

Agentless plug-in installed on endpoints, such as desktops or laptops on a network. These plug-ins auto rotates decoy credentials, files, processes, and lures to other decoys at endpoints.

A.  

IPS coverages for client-side and server-side

B.  

Reporting high latency from the CEO's Teams call due to a low Wi-Fi signal

C.  

Comprehensive URL categories for newly registered domains

D.  

Preventing the download of a password protected zip file

A.  

DLP Policies

B.  

DLP Rules

C.  

DLP dictionaries

D.  

DLP identifiers

A.  

Client connector

B.  

Private Service Edge

C.  

IPSec/GRE Tunnel

D.  

App Connector

A.  

When traffic contains a known threat signature.

B.  

When web traffic is on custom TCP ports.

C.  

When traffic is exempted in SSL Inspection policy rules.

D.  

When user has connected to server in the past.

A.  

DNS Server

B.  

Default Gateway

C.  

Org ID

D.  

Network Range

A.  

Cloud App Control

B.  

URL Filtering

C.  

Advanced Threat Protection

D.  

Mobile Malware Protection

A.  

2

B.  

6

C.  

4

D.  

3

A.  

Security Exceptions and Malicious Active Content Protection

B.  

File Format Vulnerabilities and Browser Exploits

C.  

Cookie Stealing and Potentially Malicious Requests

D.  

Cookie Stealing and Advanced Threats Policy

A.  

OpenID Connect (OIDC)

B.  

Transport Layer Security (TLS)

C.  

Security Assertion Markup Language (SAML)

D.  

System for Cross-domain Identity Management (SCIM)

A.  

The relationship between App Connector Groups and Server Groups is established dynamically in the Zero Trust Exchange as users try to access Applications

B.  

When a new Server Group is created it points to the App Connector Groups that provide visibility to this Server Group

C.  

Both App Connector Groups and Server Groups are linked together via the Data Center element

D.  

When you create a new App Connector Group you must select the list of Server Groups to which it provides visibility

A.  

External Attack Surface

B.  

Prevent Compromise

C.  

Data Loss

D.  

Lateral Propagation

A.  

When a condition is met, an Access Policy can either allow or block access to Application Segments OR Application Segment Groups.

B.  

When a condition is met, an Access Policy can allow access to Application Segments Groups and block access to Application Segment.

C.  

When a condition is met. an Access Policy can either allow or block access to Application Segments and Application Segment Groups.

D.  

When a condition is met, an Access Policy can allow access to Application Segments and block access to Application Segment Groups.

A.  

Platform Services

B.  

Access Control Services

C.  

Security Services

D.  

Advanced Threat Prevention Services

A.  

1-100

B.  

1-10

C.  

1 - 1000

D.  

0 - 50

A.  

ThreatLabZ pre-defined and customer defined

B.  

Snort defined and 3rd party defined

C.  

ThreatLabZ pre-defined and 3rd party defined

D.  

Customer defined and 3rd party defined

A.  

All traffic undergoes mandatory SSL inspection.

B.  

Office 365 traffic is exempted from SSL inspection and other web policies.

C.  

Non-Office 365 traffic is blocked.

D.  

All Office 365 drive traffic is blocked.

A.  

Zscaler scans all files regardless of size.

B.  

Zscaler scans files only if they are below 100 M

B.  

C.  

Zscaler scans files up to 500 MB

D.  

Zscaler scans files up to 400 MB.

A.  

Copy the group provisioning key to /opt/zscaler/var/provision key

B.  

Monitor the peak CPU and memory utilization of the AC

C.  

Schedule periodic software updates for the app connector group

D.  

Check the status of the new App Connector in the administration portal

A.  

The administrator needs to send a POST request along with the required parameters to ZIdentity"s token endpoint.

B.  

The administrator needs to send a GET request along with the required parameters to ZIdentity's token endpoint.

C.  

The administrator needs to logon to the ZIA portal to generate the access token with Super Admin role.

D.  

The administrator needs to logon to the ZIA portal to generate the access token with API Admin role.

A.  

The Cloud Firewall includes Deep Packet Inspection, which detects protocol evasions and sends the traffic to the respective engines for inspection and handling.

B.  

Zscaler Client Connector will prevent evasion on the endpoint in conjunction with the endpoint operating system’s firewall.

C.  

As traffic usually is forwarded from an on-premise firewall, this firewall will handle any evasion and will make sure that the protocols are corrected.

D.  

The Cloud Firewall includes an IPS engine, which will detect the evasion techniques and will just block the transactions as it is invalid.

A.  

Certificates are rotated every 90 days and have a 180-day expiration.

B.  

Lifetime certificates have no expiration date.

C.  

Certificates are rotated every seven days and have a 14-day expiration.

D.  

Certificates are issued dynamically and expire in 24 hours.

A.  

Web Probes and Cloud Path Probes

B.  

Application Probes and Network Probes

C.  

Page Speed Probes and Connection Speed Probes

D.  

SaaS Probes and Router Probes

A.  

Block malware that we have previously identified

B.  

Build a test environment where we can evaluate the result of policies

C.  

Identify Zero-Day Threats

D.  

Balance threat detection across customers around the world

A.  

Cloud Application policies provide better access control.

B.  

URL filtering policies provide better access control.

C.  

Wherever possible URL policies are recommended.

D.  

Both provide the same filtering capabilities.

A.  

The number of risk events is totaled by location and combined.

B.  

A risk score is computed based on the number of remediations needed compared to the industry peer average.

C.  

Time to mitigate each identified risk is totaled, averaged, and tracked to show ongoing trends.

D.  

A risk score is computed for each of the four stages of breach.

A.  

Sandbox

B.  

URL Filtering

C.  

File Type Control

D.  

IPS Control

A.  

1 minute

B.  

10 minutes

C.  

30 minutes

D.  

5 minutes