Version 3.0 — Distributed Monitoring &
Advanced Architecture Practice Examination.
SECTION 1: DISTRIBUTED MONITORING & PROXY ARCHITECTURE (Questions 1–12)
Q1. A global organization needs to monitor 50,000 devices across 15 regional offices
with limited WAN bandwidth. Each office has a local Zabbix proxy. Which proxy mode
is MOST appropriate to minimize WAN traffic while ensuring real-time alerting?
A. Active proxy mode with data buffering disabled to ensure immediate transmission
B. Passive proxy mode with all items configured as Zabbix Trapper
C. Active proxy mode with data buffering enabled and compression configured
D. Passive proxy mode with no data compression to reduce CPU overhead on the
proxy
Correct Answer: C
Rationale: Active proxy mode allows the proxy to initiate connections to the server,
which is ideal for NAT/firewalled environments. Enabling data buffering with
compression ensures that during WAN outages, data is stored locally and transmitted
efficiently when connectivity is restored, minimizing bandwidth usage while
maintaining data integrity. This is the standard architecture for large-scale
distributed deployments.
Q2. A Zabbix proxy in active mode has been offline for 4 hours due to a WAN outage.
The proxy buffer size is set to the default. What is the MOST likely outcome when
connectivity is restored?
A. All historical data is lost because active proxies do not support offline buffering
B. The proxy sends buffered data in chronological order, but data older than the
Housekeeping period is discarded
C. The proxy sends all buffered data, but any data exceeding the ProxyBufferSize is
discarded
D. The proxy automatically switches to passive mode to retrieve missing data from
the server
Correct Answer: C
,Rationale: Zabbix proxies buffer data locally during outages, but this buffering is
constrained by the ProxyBufferSize parameter (default: 16MB). Once this buffer is
exceeded, older data is overwritten with new data. Data is sent chronologically upon
reconnection, but the buffer size limitation—not the Housekeeping period—
determines data retention during outages. This is critical for capacity planning in
distributed architectures.
Q3. In a distributed monitoring architecture, an organization deploys Zabbix proxies
at each data center. Which statement about proxy-to-server communication is
CORRECT regarding encryption?
A. Encryption must be configured identically on all proxies; mixed TLS and non-TLS
proxies are not supported
B. Each proxy can independently configure TLS certificate-based encryption
regardless of server settings
C. The Zabbix server supports TLS with certificate, TLS with pre-shared key (PSK),
and unencrypted connections simultaneously on different proxies
D. TLS encryption is only supported in passive proxy mode because active mode uses
unencrypted Zabbix protocol
Correct Answer: C
Rationale: Zabbix supports per-host and per-proxy encryption configuration. The
server can simultaneously accept connections from proxies using TLS with
certificate, TLS with PSK, and unencrypted connections. This flexibility allows
gradual migration to encrypted communications and accommodates different
security requirements across distributed environments without requiring uniform
configuration.
Q4. An administrator needs to monitor devices in a remote DMZ network where
inbound connections are blocked by a firewall. The DMZ devices cannot initiate
outbound connections to the corporate network. Which architecture is MOST
appropriate?
A. Deploy an active Zabbix proxy in the DMZ and configure it to connect to the
corporate Zabbix server
B. Deploy a passive Zabbix proxy in the DMZ and configure the server to connect to it
through a firewall pinhole
C. Deploy a Zabbix agent on each DMZ device in active mode and configure it to
connect directly to the corporate server
, D. Deploy a Zabbix agent on each DMZ device in passive mode and open port 10050
from the server to each device
Correct Answer: B
Rationale: Since DMZ devices cannot initiate outbound connections, active proxy or
active agent modes are impossible. A passive proxy in the DMZ allows the corporate
server to initiate connections to the proxy (through a controlled firewall pinhole),
and the proxy then collects data from local agents. This architecture maintains
security boundaries while enabling monitoring of isolated networks.
Q5. A Zabbix proxy is configured with StartPollers=100, StartTrappers=5,
StartPingers=10, and StartDiscoverers=5. The proxy is monitoring 2,000 hosts with
15,000 items, primarily using Zabbix agent (active) and simple checks. The proxy log
shows "Zabbix poller processes more than 75% busy" warnings. Which action will
MOST effectively resolve this issue?
A. Increase StartTrappers to 20 to handle the high volume of active agent connections
B. Increase StartPollers to 200 and consider distributing hosts across additional
proxies
C. Increase StartPingers to 50 because simple checks are consuming all poller
resources
D. Decrease the item check intervals to reduce the polling frequency and spread the
load over time
Correct Answer: B
Rationale: The warning indicates that poller processes (responsible for passive
checks, including simple checks) are overloaded. While active agent items do not
consume poller resources, simple checks (ICMP pings, port checks) do. Increasing
StartPollers directly addresses the bottleneck. For 15,000 items across 2,000 hosts,
proxy capacity planning suggests either increasing poller counts or distributing load
across multiple proxies, as single proxies have practical limits (~1,000–2,000 hosts
depending on item complexity).
Q6. In a Zabbix 6.0 distributed environment, an administrator wants to implement
high availability for a Zabbix proxy. Which statement is CORRECT regarding proxy
HA?
A. Zabbix 6.0 natively supports proxy HA clusters using a shared virtual IP and
keepalived