A.  

By generating synthetic transactions to designated Internet and Private applications every 5 minutes and measuring the performance of those sessions.

B.  

By constantly analyzing live user sessions to both Internet and Private applications and measuring the performance of those sessions.

C.  

By using AI predictive analysis ZDX can extrapolate near-term client performance based upon recent past data observed.

D.  

By constantly analyzing live user sessions to critical SaaS applications and measuring the performance of those sessions.

A.  

An end-user device like a laptop or an OT/IoT device

B.  

A URL providing access to a specific resource

C.  

Zscaler public service edges

D.  

Zscaler API gateway providing access to various components

A.  

Antivirus

B.  

Tenant Restrictions

C.  

Web Filtering

D.  

TLS Inspection

A.  

When traffic contains a known threat signature.

B.  

When web traffic is on custom TCP ports.

C.  

When traffic is exempted in SSL Inspection policy rules.

D.  

When user has connected to server in the past.

A.  

Layered defense increases costs to attackers to operate.

B.  

Layered defense from multiple vendor solutions easily share attacker data.

C.  

Layered defense ensures attackers are prevented eventually.

D.  

Layered defense with multiple endpoint agents protects from attackers.

A.  

All traffic undergoes mandatory SSL inspection.

B.  

Office 365 traffic is exempted from SSL inspection and other web policies.

C.  

Non-Office 365 traffic is blocked.

D.  

All Office 365 drive traffic is blocked.

A.  

Client connector

B.  

Private Service Edge

C.  

IPSec/GRE Tunnel

D.  

App Connector

A.  

Six - one per data center plus two for cold standby.

B.  

Eight -two per data center.

C.  

Four - one per data center.

D.  

Sixteen - to support a full mesh to the other data centers.

A.  

No. Cloud Browser Isolation is a separate platform.

B.  

No. Cloud Browser Isolation is only a feature of Advanced Threat Defense.

C.  

Yes. After blocking access to a site, the user can manually switch on isolation.

D.  

Yes. Isolate is a possible Action for URL Filtering.

A.  

Outbound traffic is shaped. Inbound or localhost traffic is unshaped.

B.  

Outbound or inbound traffic is shaped. Localhost traffic is unshaped.

C.  

Inbound traffic is shaped. Outbound or localhost traffic is unshaped.

D.  

Localhost traffic is shaped. Outbound or Inbound traffic is unshaped.

A.  

Sandbox

B.  

URL Filtering

C.  

File Type Control

D.  

IPS Control

A.  

The Cloud Firewall includes Deep Packet Inspection, which detects protocol evasions and sends the traffic to the respective engines for inspection and handling.

B.  

Zscaler Client Connector will prevent evasion on the endpoint in conjunction with the endpoint operating system’s firewall.

C.  

As traffic usually is forwarded from an on-premise firewall, this firewall will handle any evasion and will make sure that the protocols are corrected.

D.  

The Cloud Firewall includes an IPS engine, which will detect the evasion techniques and will just block the transactions as it is invalid.

A.  

Client Type

B.  

SCIM User Attributes

C.  

Trusted Network

D.  

Posture Profiles

A.  

Access Control Services

B.  

Digital Experience Monitoring

C.  

Cyber Security Services

D.  

Platform Services

A.  

Spyware Callback

B.  

Anonymizers

C.  

Cookie Stealing

D.  

IRC Tunneling

A.  

Find Cash Safe

B.  

Find Email Addresses

C.  

Find Least Secure Office Building

D.  

Find Attack Surface

A.  

Zscaler's AI/ML based Smart Browser Isolation was triggered due to a users accessing a newly-registered domain.

B.  

A new malicious file was detected by the sandbox due to an “allow and scan” First-Time Action in the sandbox policy.

C.  

A new malicious file was detected by the sandbox due to an “quarantine” First-Time Action in the sandbox policy.

D.  

Zscaler detected a HIPAA violation with in-band Data Protection scanning.

A.  

Data loss prevention

B.  

Stopping reconnaissance attacks

C.  

DDoS protection

D.  

Log analysis

A.  

The IP ranges included/excluded in the App Profile

B.  

The PAC file used in the Forwarding Profile

C.  

The PAC file used in the Application Profile

D.  

The Machine Key used in the Application Profile

A.  

Remote access trojans

B.  

Phishing

C.  

Exploit kits

D.  

Watering hole attack

A.  

Copy the group provisioning key to /opt/zscaler/var/provision key

B.  

Monitor the peak CPU and memory utilization of the AC

C.  

Schedule periodic software updates for the agg connector group

D.  

Check the status of the new App Connector in the administration portal

A.  

Group Membership, ZIA Risk Score, Domain Joined, Certificate Trust

B.  

Username, Trusted Network Status, Password, Location

C.  

SCIM Group, Time of Day, Client Type, Country Code

D.  

Department, SNI, Branch Connector Group, Machine Group

A.  

Command and Control Traffic

B.  

Ransomware

C.  

Troians

D.  

Adware/Spyware Protection

A.  

External Attack Surface

B.  

Prevent Compromise

C.  

Data Loss

D.  

Lateral Propagation

A.  

identity Admin Portal

B.  

Mobile Admin Portal

C.  

Experience Center

D.  

One API

A.  

Execute a GPO update to retrieve the proxy settings from AD.

B.  

Enforce no Proxy Configuration.

C.  

Use Web Proxy Auto Discovery (WPAD) to auto-configure the proxy.

D.  

Use an automatic configuration script (forwarding PAC file).

A.  

Maps FQDNs to IP Addresses

B.  

Maps Applications to FQDNs

C.  

Maps App Connector Groups to Application Segments

D.  

Maps Applications to Application Groups

A.  

Deception creating decoy files for malware to discover.

B.  

Application Segmentation of users to specific private applications.

C.  

TLS Inspection decrypting traffic to compare signatures for known risks.

D.  

Data Loss Protection comparing saved filenames for known risks.

A.  

Amazon S3

B.  

Webex Teams

C.  

Dropbox

D.  

Google Workspace

A.  

Out-of-band CASB

B.  

Cloud application control

C.  

URL filtering with SSL inspection

D.  

Endpoint DLP

A.  

No. Access Control Services will only control access to the Internet and cloud applications.

B.  

Yes. Controls for segmentation and conditional access are part of the Access Control Services.

C.  

Yes. The Cloud Firewall will detect network segments and provide conditional access.

D.  

No. The endpoint firewall will detect network segments and steer access.

A.  

Yes, the Wi-Fi hop latency is shown on a cloud path probe.

B.  

Yes. but the current Wi-Fi signal strength is only displayed when doing a deep trace.

C.  

No, ZDX only works on hardwired devices.

D.  

Yes, a low Wi-Fi signal may be seen in either the results of a Cloud Path Probe or in the device health Wi-Fi signal indicator.

A.  

Destination NAT

B.  

FQDN Filtering with wildcard

C.  

DNS Dashboards, Insights and Logs

D.  

DNS Tunnel and DNS Application Control

A.  

1 minute

B.  

10 minutes

C.  

30 minutes

D.  

5 minutes

A.  

Hostname Resolution, Network Adapter IP, Default Gateway

B.  

DNS Servers, DNS Search Domain, Network Adapter IP

C.  

Hostname Resolution, DNS Servers, Geo Location

D.  

DNS Search Domain, DNS Server, Hostname Resolution

A.  

RDP, VNC and SSH

B.  

RDP, SSH and DHCP

C.  

SSH, DNS and DHCP

D.  

RDP, DNS and VNC

A.  

To provide an end-to-end communication channel between ZCC clients

B.  

To provide an end-to-end communication channel to Microsoft Applications such as M365

C.  

To create an end-to-end communication channel to Azure AD for authentication

D.  

To create an end-to-end communication channel to internal applications