ZDTA Certification: Exam Guide, Cost & Practice Tests, Exams of Digital
Communication Systems
What's a common feature of SD-WAN GRE Tunnels and IPSec Tunnels? -
ANSWER: Provide secure communication between different network segments
What are the challenges of extending legacy network and security to the
public cloud? - ANSWER: Creating VPCs and VNETs adds overhead. Increases
attack surface.
What are the use cases for ZT Cloud? - ANSWER: Workload to internet,
intracloud, multi-cloud, hybrid?
What is the purpose of a GRE tunnel in the ZTE? - ANSWER: To load balance
traffic properly
What two items most accurately describe ZT connectors? - ANSWER:
1. Access is granted but never shared at the network layer
2. Independent of any network for control or trust
Main advantage of using an SD-WAN vendor to connect to Zscaler over
traditional routers? - ANSWER: One-click configuration of the connection.
What prevents unauthorized SD-WAN router connections to the Zscaler
service? - ANSWER: The partner key
Which tunnel types does Zscaler support between a router and a Zscaler data
center? - ANSWER: GRE & IPSEC
T/F - GRE Tunnels should always be deployed in pairs for redundancy? -
ANSWER: True
Private Service Edge - what's the workflow? - ANSWER:
1. User connects to PSE
2. PSE --> Express Route or VPN to ZPA CC or DC Connector
3. Connector to ZS cloud to validate
Private Service Edge - how to configure? - ANSWER:
1. Inbound 443, Unique IP, CC needs to comm with PSE IP and app conn
2. CC makes decision on what is closest based on client.
3. Create intermediate CA under enrollment certs
4. Create a SE group per location
5. Get provisioning key and load on PSE
6. Host fingerprint and private keys encrypted
7. Service end validates app and client keys through PKI trust
Virtual Service Edge - What is supported? - ANSWER:
ZIA: ESXi, VMW on AWS, Azure, GCP
ZPA: ESXi, Hyper-V, AWS, Azure, GCP
VSE - what performance to expect on SSL inspection - ANSWER: 600MB/sec
VSE - what's the routing config? - ANSWER:
EM0 = Mgmt
EM1 = Proxy
EM2 = Load Balancer IP
What are the reporting options for service edges? - ANSWER: Interactive,
executive, forensic, historical sandbox, patient zero, threat insights
What is the purpose of the logging architecture in the ZTE? - ANSWER: Analyze
user activity and perform analytics for future policy decisions
Use cases for traffic forwarding (source IP anchoring) - ANSWER:
1. Apps that restrict client IP
2. Set up auth (O365)
3. Geo-located based on source IP
4. Provided by app connector on PSE
5. ZIA apps requiring a known source
How to configure source IP anchoring - ANSWER:
1. Create app seg and enable source IP anchor
2. Define Service Group, Connector Group
3. Create fwd policy
4. In ZIA add gateway rule for app segment