A.  

DNS Time and Network Response Time

B.  

Server Response Time and Packet Loss Rate

C.  

DNS Time and Server Response Time

D.  

Page Fetch Time and Packet Loss Rate

A.  

Only some Linux operating systems have Domain Joined posture profile support in Zscaler.

B.  

When a ZPA Browser Access client attempts to access an application, Zscaler can determine if that device is joined to a particular domain.

C.  

If a 2nd domain and a sub-domain are needed in the Access Policy rule you must create a 2nd posture profile with the other domain and add it to the Access Policy.

D.  

Zscaler ZPA can contact the IDP such as Azure AD out-of-band to verify if a device is joined to a particular domain.

A.  

NSS (Nanolog Streaming Service) opens a secure tunnel to the cloud. User access goes through the ZEN (Zscaler Enforcement Node). ZEN sends the logs to the cloud Nanolog for storage. Cloud Nanolog streams a copy of the log to NSS. NSS sends the log to the SIEM over the network.

B.  

NSS opens a secure tunnel to the cloud. Cloud Nanolog streams a copy of the log to NSS. User access goes through the ZEN. ZEN sends the logs to the cloud Nanolog for storage. NSS sends the log to the SIEM over the network.

C.  

User access goes through the ZEN (Zscaler Enforcement Node). NSS (Nanolog Streaming Service) opens a secure tunnel to the cloud. ZEN sends the logs to the cloud Nanolog for storage. Cloud Nanolog streams a copy of the log to NSS. NSS sends the log to the SIEM over the network.

D.  

NSS opens a secure tunnel to the cloud. ZEN sends the logs to the cloud Nanolog for storage. User access goes through the ZEN. Cloud Nanolog streams a copy of the log to NSS. NSS sends the log to the SIEM over the network.

A.  

Network

B.  

Device

C.  

Interface

D.  

Application

A.  

IPSec Tunnel

B.  

Z-Tunnel 1.0

C.  

GRE Tunnel

D.  

Z-Tunnel 2.0

A.  

NSS Server

B.  

SAML Identity Provider

C.  

Active Directory

D.  

Zscaler

A.  

Threat Intelligence integration

B.  

Application segmentation

C.  

Role-based access control

D.  

User behavior analysis

A.  

Enrolling users’ device information and installing antivirus features in Zscaler Client Connector (ZCC).

B.  

Creating App Connector Groups and enrolling users’ device information.

C.  

Creating URL filtering rules and accessing ZDX Copilot.

D.  

Creating App Connector Groups and accessing ZDX Copilot.

A.  

In-depth overview of Zscaler’s architecture platform, including its global scale, additional capabilities, and API infrastructure.

B.  

Enabling versions to control which version (if any) of Zscaler Client Connector is available when end users manually update the app or when you configure automatic app updates.

C.  

Configuration of ZDX for applications, call quality monitoring, probes, diagnostics, alerts, and role-based administration to ensure effective SaaS and web application monitoring.

D.  

Exploring Intrusion Prevention System, DNS Control, Tenant Restrictions, and secure application segmentation.

A.  

One static analysis, one dynamic analysis, and a second static analysis of all dropped files and artifacts from the dynamic analysis.

B.  

As many rounds of analysis as the policy is configured to perform.

C.  

Only a static analysis is performed.

D.  

Only one static and one dynamic analysis is performed.

A.  

A set of decoys representing users and server elements used to identify an attacker accessing our infrastructure.

B.  

A set of decoys representing network elements used to identify an attacker accessing our infrastructure.

C.  

A simple and more effective targeted threat detection solution built on the Zscaler Zero Trust architecture.

D.  

An early detection system supported via servers located inside our corporate infrastructure.

A.  

Controls, Profiles, Policies

B.  

Policies, Controls, Profiles

C.  

Traffic Inspection, Vulnerability Identification, Action Based on User Behavior

D.  

Profiles, Controls, Policies

A.  

Minimum set of required credentials to access the SaaS Application Tenants

B.  

Temporary user credentials to access the SaaS Application Tenants

C.  

Broad access to all SaaS Application Tenants across Microsoft and Google

D.  

Full administrator credentials to access the SaaS Application Tenants

A.  

By allowing traffic to bypass ZIA Public Service Edges and connect directly to the destination

B.  

By creating a subcloud that includes only ZIA Public Service Edges within the required region

C.  

By deploying local VPNs to ensure regional traffic compliance

D.  

By dynamically allocating traffic to the closest Public Service Edge, regardless of the region

A.  

Client Certificate

B.  

Full Disk Encryption

C.  

Domain Joined

D.  

CrowdStrike ZTA Sensor Setting Score

A.  

JSON Web Tokens

B.  

OAuth 2.0

C.  

SAML

D.  

API Keys

A.  

A service hostname that contains revealing information.

B.  

Certificates installed on clients to enable SSL inspection.

C.  

The IP address of a properly deployed Zscaler App Connector.

D.  

Lists of known compromised usernames and passwords.

A.  

Managing endpoint security updates

B.  

Providing cloud storage services

C.  

Load balancing internet traffic

D.  

Acting as key policy enforcement engines