Zscaler EDU 200 - Essentials - ZDTA Study set
Latest Update 2025-2026 125 Questions and
100% Verified Correct Answers Guaranteed A+
A Cloud Path supports the following protocols for probing: (Select 3)
1. BGP
2. ICMP
3. TCP
4. UDP - CORRECT ANSWER: ICMP
TCP
UDP
A server group maps _____ to ____?
Options:
- App Connectors Groups to Application Segments
- Applications to FQDNS
- FQDNs to IP Addresses
- Applications to Application Groups - CORRECT ANSWER: App Connectors Groups to
Application Segments
Browser Based Access enables what kinds of applications to be published?
Options:
- HTTP and HTTPS
- RDP and SSH
- Telnet and RDP
,- HTTP, HTTPS, and SSH - CORRECT ANSWER: HTTP and HTTPS
By how much has hybrid work increased ticket resolution time? - CORRECT ANSWER:
30%
Cloud Path can provide visibility over which paths?
Options:
- Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA
- In tunnels formed over ZIA using ZCC Tunnel 2.0 only
- Mainly tunnels which are running ZPA (mtunnels)
- Direct Internet traffic only, as it is not possible to traceroute via Layer 7 Proxy -
CORRECT ANSWER: Cloud Path can provide visibility into the traffic going directly via
ZIA and ZPA
Contextual DLP policy includes (Select 3): - CORRECT ANSWER: File Type Control
Cloud App Control
Tenancy Restrictions
Define a zero trust connection - CORRECT ANSWER: Independent of any network for
control or trust. Zero trust ensures access is granted by never sharing the network
between the originator and the destination application.
Do most organizations around the world inspect 100% of all SSL/TLS encrypted traffic?
Options:
- Yes - in fact the inspected percentage can be higher than 100% due to double
inspection
, - The reality is more nuanced - certain traffic exclusions for healthcare and financial
websites may be required depending on the organization's choice - that is why the
Zscaler platform has the ability to bypass SSL inspection for certain categories of
websites. Furthermore certain types of latency sensitive traffic such as UCaaS should
be bypassed, so organizations rarely inspect of all traffic
- The average inspection percentage is 99%, with only certain global bypasses for
developer environments based on a pre-defined list that Zscaler defines which cannot
be changed
- This is a best practice that is recommended only in retail, due to retail-specific
ransomware threats that are seasonal - CORRECT ANSWER: The reality is more
nuanced - certain traffic exclusions for healthcare and financial websites may be
required depending on the organization's choice - that is why the Zscaler platform has
the ability to bypass SSL inspection for certain categories of websites. Furthermore
certain types of latency sensitive traffic such as UCaaS should be bypassed, so
organizations rarely inspect of all traffic
EDM (Exact Data Match) is an advanced DLP feature that does which of the following?
- CORRECT ANSWER: EDM enables organizations to perform a structured data match
on specific types of data, e.g. a column of credit card numbers
How are app connectors deployed? - CORRECT ANSWER: A provisioning key is
created for each connector group, which is signed by by an intermediate certificate
authority and
the intermediate trusted by the root CA. Clients are enrolled against a client
intermediate certificate authority.
How are Newly Observed Domains (NODs) different than Newly Registered Domains
(NRDs)? - CORRECT ANSWER: NRDs were registered recently, whereas NODs may
have been registered some time ago but have never been observed with actual clients
visiting them, which makes them suspicious
How can Zscaler integrate with third-party firewall configuration management vendors
so that customers can create and read firewall rules programmatically?
Latest Update 2025-2026 125 Questions and
100% Verified Correct Answers Guaranteed A+
A Cloud Path supports the following protocols for probing: (Select 3)
1. BGP
2. ICMP
3. TCP
4. UDP - CORRECT ANSWER: ICMP
TCP
UDP
A server group maps _____ to ____?
Options:
- App Connectors Groups to Application Segments
- Applications to FQDNS
- FQDNs to IP Addresses
- Applications to Application Groups - CORRECT ANSWER: App Connectors Groups to
Application Segments
Browser Based Access enables what kinds of applications to be published?
Options:
- HTTP and HTTPS
- RDP and SSH
- Telnet and RDP
,- HTTP, HTTPS, and SSH - CORRECT ANSWER: HTTP and HTTPS
By how much has hybrid work increased ticket resolution time? - CORRECT ANSWER:
30%
Cloud Path can provide visibility over which paths?
Options:
- Cloud Path can provide visibility into the traffic going directly via ZIA and ZPA
- In tunnels formed over ZIA using ZCC Tunnel 2.0 only
- Mainly tunnels which are running ZPA (mtunnels)
- Direct Internet traffic only, as it is not possible to traceroute via Layer 7 Proxy -
CORRECT ANSWER: Cloud Path can provide visibility into the traffic going directly via
ZIA and ZPA
Contextual DLP policy includes (Select 3): - CORRECT ANSWER: File Type Control
Cloud App Control
Tenancy Restrictions
Define a zero trust connection - CORRECT ANSWER: Independent of any network for
control or trust. Zero trust ensures access is granted by never sharing the network
between the originator and the destination application.
Do most organizations around the world inspect 100% of all SSL/TLS encrypted traffic?
Options:
- Yes - in fact the inspected percentage can be higher than 100% due to double
inspection
, - The reality is more nuanced - certain traffic exclusions for healthcare and financial
websites may be required depending on the organization's choice - that is why the
Zscaler platform has the ability to bypass SSL inspection for certain categories of
websites. Furthermore certain types of latency sensitive traffic such as UCaaS should
be bypassed, so organizations rarely inspect of all traffic
- The average inspection percentage is 99%, with only certain global bypasses for
developer environments based on a pre-defined list that Zscaler defines which cannot
be changed
- This is a best practice that is recommended only in retail, due to retail-specific
ransomware threats that are seasonal - CORRECT ANSWER: The reality is more
nuanced - certain traffic exclusions for healthcare and financial websites may be
required depending on the organization's choice - that is why the Zscaler platform has
the ability to bypass SSL inspection for certain categories of websites. Furthermore
certain types of latency sensitive traffic such as UCaaS should be bypassed, so
organizations rarely inspect of all traffic
EDM (Exact Data Match) is an advanced DLP feature that does which of the following?
- CORRECT ANSWER: EDM enables organizations to perform a structured data match
on specific types of data, e.g. a column of credit card numbers
How are app connectors deployed? - CORRECT ANSWER: A provisioning key is
created for each connector group, which is signed by by an intermediate certificate
authority and
the intermediate trusted by the root CA. Clients are enrolled against a client
intermediate certificate authority.
How are Newly Observed Domains (NODs) different than Newly Registered Domains
(NRDs)? - CORRECT ANSWER: NRDs were registered recently, whereas NODs may
have been registered some time ago but have never been observed with actual clients
visiting them, which makes them suspicious
How can Zscaler integrate with third-party firewall configuration management vendors
so that customers can create and read firewall rules programmatically?
