EXAM QUESTIONS AND ANSWERS 2025/2026 GRADED A+
✔✔Why is it important for a cloud-gen firewall to implement DPI signatures?
Options:
- Evasive apps like BitTorrent can often disguise themselves as coming from a standard
port, and it is critical to identify and block these applications
- Web traffic only traverses ports 80 and 443, so IPS engines are geared towards these
ports to help people identify malicious web traffic
- In high-traffic volume situations, IPS signatures will help reduce false positives
- IPS signatures are lightweight and can therefore be handled by traditional firewalls -
✔✔Evasive apps like BitTorrent can often disguise themselves as coming from a
standard port, and it is critical to identify and block these applications
✔✔How are Newly Observed Domains (NODs) different than Newly Registered
Domains (NRDs)? - ✔✔NRDs were registered recently, whereas NODs may have been
registered some time ago but have never been observed with actual clients visiting
them, which makes them suspicious
✔✔What is the Zscaler Page Risk score? - ✔✔The Page Risk score is a slider on the
Advanced Threat Protection configuration page, which allows a user to pre-select what
level of risk they are comfortable with on particular websites; the risk itself is computed
on a scale of 0-100 by looking at several factors including the top-level domain, the user
agent, whether certain HTTP headers are missing, whether a high-entropy domain
name is being used, and several other factors
✔✔What is Ransomware? - ✔✔Malware that steals data and encrypts it
✔✔Once a phishing attack occurs and a user is directed to malicious content, which of
the following typically occurs? - ✔✔One or more files are downloaded, with the attacker
also attempting to download secondary payloads onto the user's machine
The establishment of an outbound connection from the user's device using an outbound
command and control channel to an adversary's infrastructure
Full control over the endpoint by the adversary
✔✔What is Zscaler ThreatLabZ? - ✔✔A best-in-class security threat research team of
100+ security researchers who analyze security trends and help keep
Zscaler's signature databases up to date
✔✔What is a spear phishing attack? - ✔✔A type of attack in which malicious files or
attachments can be used in an email, luring the user to open it
✔✔Contextual DLP policy includes (Select 3): - ✔✔File Type Control
Cloud App Control
Tenancy Restrictions
✔✔Zscaler supports data at rest scanning with DLP and Cloud Sandbox using which
technology? - ✔✔OOB CASB
✔✔Zscaler offers ML based data discovery for many thematic document categories
such as: (Select 3) - ✔✔Legal documents
Medical records
Images such as passports, driving licenses, etc.
✔✔Zscaler offers user notification and coaching via which of the following mechanisms?
(Select 3) - ✔✔Browser Notification (Browser based)
Slack Connector (Application based)
Zscaler Workflow Automation (Client connector pop-up)
✔✔EDM (Exact Data Match) is an advanced DLP feature that does which of the
following? - ✔✔EDM enables organizations to perform a structured data match on
specific types of data, e.g. a column of credit card numbers
✔✔OCR (Optical Character Recognition) is necessary for which of the following? -
✔✔OCR helps protect sensitive data in images, image files and handwritten texts
✔✔To protect sensitive data, organizations must inspect the content inline with data
classification capabilities such as predefined dictionaries, custom dictionaries, etc. (True
or False) - ✔✔TRUE
✔✔SSPM (SaaS Security Posture Management) enables organizations to find which of
the following: - ✔✔Cloud misconfigurations and compliance violations
✔✔Zscaler offers fully integrated data protection for all channels, which includes:
(Select 3) - ✔✔Cloud channels such as data in motion or data-at-rest in SaaS
applications
Endpoint
✔✔What is a possible data exfiltration channel? - ✔✔Cloud based personal email, file
sharing, and collaboration tools
✔✔How do most major security breaches begin? - ✔✔An attacker finding your attack
surface
✔✔With Zero Trust, if we use the analogy of publishing your phone number, then: -
✔✔Your phone number is unpublished and only authorized parties can call you