ZDTE. STUDY GUIDE
Adaptive policies? What do they do? - ANSWER✔ They provide consistent policies no matter where the
user is located.
AI-Driven Quarantine Effect of Cloud Sandbox: - ANSWER✔ An AI-driven malware prevention engine
intelligently identifies, quarantines, and prevents unknown or suspicious threats inline using advanced
AI/ML without rescanning benign files.
API for Cloud Firewalls? What are the rights? - ANSWER✔ Full Create, Read, Update, Delete, CRUD API
Set
Call Quality Monitoring - what apps are supported? - ANSWER✔ ZDX supports call quality monitoring for
both Zoom and Teams
CFW: Select the options that are relevant to Zscaler's Intrusion Prevention System capability (Select two)
- ANSWER✔ (1) Core security capabilities (2) IPS info also leveraged in individual risk
Cloud Firewall - two modules in enforcement nodes. What are they? - ANSWER✔ Firewall module and
proxy module
Cloud firewall Predefined apps: - ANSWER✔ Youtube, Google, MSFT, AWS, Slack, Dropbox, Webex,
Zoho, GCP, IBM smartcloud
Cloud FW: What are the two versions of tenant restriction? V1 and V2 - ANSWER✔ The difference
between these two is in version one, you have to give just the information about the tenant directory ID,
tenant profile name, which are oftentimes available in the Microsoft 365 admin console. And once you
give that, you are basically restricting that particular third party or contractor to only access their
tenants. They cannot access your parent organization tenants. So that's what version one does.
In version two, things are much more advanced. Microsoft has done some additional capabilities around
tenancies where you not only define whether the third party can access their tenant or not.
Cloud FW: What is an example of the granular policies for tenant restriction? - ANSWER✔ Grant access
to gmail app but deny uploading any files to it to contractors
Cloud Sandbox: What are the four distinct stages of the Cloud Sandbox workflow? - ANSWER✔ (1) Cloud
effect, (2) prefiltered, (3) behavioral analysis, (4) Post-processing
Customers can bring their own custom signatures to create custom IPS rules as a part of Zscaler's cloud
firewall functionality. - ANSWER✔ TRUE
Deception: How do you block some suspicious traffic for analysis? - ANSWER✔ ZS redirects the request to a
specific IP address and tricks the end user into assuming that it is a genuine server, to buy time for analysis
Deception: What is a quick way to stop threats right at the DNS level itself? - ANSWER✔ Always block
some of the Advanced Security URL categories that ZS offers in a DNS filtering rule
DNS Control best practices - ANSWER✔ 1. Set unknown DNS traffic to block, block all commonly blocked
DNS tunnels, Block all common allowed tunnels and whitelist good.
DP: What action does Zscaler take when it identifies unknown content? - ANSWER✔ Completely
unknown assets are sandboxed and wait for a verdict from our cloud sandbox and trigger remediation
actions
DP: What is parallel processing? - ANSWER✔ Even when there is a match, we will continue to go down
to the policy engine and be able to execute all the policies before we stop.
DP at REST: What are the two focus areas of protecting data at rest? - ANSWER✔ (1) how to prevent
data loss. (2) How to protect against known and unknown threats?
DP: As part of protection against malware, what action will Zscaler take when it finds an asset that is
completely unknown? - ANSWER✔ Zscaler will sandbox the unknown content, wait for the verdict from
the cloud sandbox and accordingly trigger a remediation action.
DP: How does Shadow IT visibility influence your policy constructions? - ANSWER✔ Based on risk score
all apps that are higher than risk 4 should be auto blocked. Granular policy (ie all apps not PCI-certified
cannot be used by finance team).
DP: How does Zscaler classify the documents, and the data, automatically without an admin creating any
rules? - ANSWER✔ We use AI/ML: we collected millions of docs, anonymized the data, and fed it to AI/ML
DP: State whether the following statement is true or false: Incident Management is a policy that protects
your traffic from fraud, unauthorized communication, and other malicious objects and scripts. -
ANSWER✔ FALSE
DP: What action does Zscaler take when it identifies malicious content? - ANSWER✔ Triggers quarantine
DP: What do we do if a customer changes the default risk score of an application? - ANSWER✔ We
immediately readjust that risk score for that specific tenant, for that specific customer.
DP: What does cloud application control allow you to do? - ANSWER✔ Create access control policies
based on where the user is going and their activities
DP: What is the first step in the process of data at rest scanning? - ANSWER✔ Utilize the same DLP
policies you built for inline and identify those assets in the cloud.
DP: Which inline data protection capability differentiates between different instances of the same
tenant and enables us to apply very granular policies? - ANSWER✔ Posture management (WRONG?)
DP: Which Zscaler capability protects your sensitive data contained in images? - ANSWER✔ OCR