A user is accessing a private application through Zscaler with SSL Inspection enabled. Which
certificate will the user see on the browser session?
D
Explanation:
When SSL Inspection is enabled and a user accesses a private application through Zscaler, the user
will see a Zscaler-generated MITM (Man-In-The-Middle) Certificate on their browser session. Zscaler
intercepts and decrypts SSL/TLS traffic at the Service Edge and then re-encrypts it before forwarding
it to the client, presenting its own certificate to maintain the security of the connection while
enabling inspection.
This allows Zscaler to inspect encrypted traffic for threats and policy enforcement transparently
without exposing the original server’s certificate. The study guide clarifies this mechanism under SSL
Inspection details.
What Malware Protection setting can be selected when setting up a Malware Policy?
C
Explanation:
The valid Malware Protection setting selectable when configuring a Malware Policy in Zscaler is
Block. This setting instructs the platform to block malicious files or activities detected by malware
scanning engines.
Other settings like Isolate or Bypass are not standard malware policy actions in Zscaler’s malware
protection configuration. The “Do Not Decrypt” option relates to SSL inspection settings, not
malware policy actions. The study guide specifies “Block” as the primary malware policy action to
enforce protection.
Which are valid criteria for use in Access Policy Rules for ZPA?
A
Explanation:
Valid criteria for Access Policy Rules in ZPA include Group Membership, ZIA Risk Score, Domain
Joined, and Certificate Trust. These attributes allow granular policy decisions based on user identity,
device posture, and risk context.
Options that include a password are invalid because passwords are not used as policy criteria; similarly, SNI and
Branch Connector Group are more relevant to other controls. The study guide lists these user and
device attributes explicitly as policy criteria within ZPA access policies.
Which type of attack plants malware on commonly accessed services?
D
Explanation:
A Watering Hole Attack is characterized by attackers planting malware on websites or services that
are commonly accessed by their intended victims. The goal is to infect users who visit these trusted
sites by injecting malicious code or malware. This type of attack leverages the trust users place in
frequently visited services to deliver malware covertly.
Other options like Remote Access Trojans, Phishing, and Exploit Kits are attack types but do not
specifically involve compromising commonly accessed services to plant malware.
What does the user risk score enable a user to do?
C
Explanation:
The user risk score enables organizations to configure stronger user-specific policies to monitor and
control user-level risk exposure. This score reflects a user's risk posture based on behaviors and
detected anomalies and helps in tailoring security policies to address individual risk levels.
While the score gives insight into user risk, it is primarily designed for adaptive policy enforcement
rather than direct compromise detection or cross-company comparison. The study guide highlights
that user risk scores drive policy adjustments to better secure user activity.
Can URL Filtering make use of Cloud Browser Isolation?
D
Explanation:
Yes, URL Filtering can make use of Cloud Browser Isolation. Specifically, “Isolate” is an available
action in URL Filtering policies that enables users to access potentially risky or untrusted websites in
an isolated environment, preventing any malicious content from reaching the user’s device.
The study guide explains that integrating Cloud Browser Isolation into URL Filtering enhances
security by isolating risky browsing activities directly from policy enforcement points.
What is the immediate outcome or effect when the Zscaler Office 365 One Click Rule is enabled?
B
Explanation:
When the Zscaler Office 365 One Click Rule is enabled, Office 365 traffic is exempted from SSL
inspection and other web policies to optimize performance and user experience. This rule simplifies
policy configuration by automatically identifying and excluding Office 365 cloud traffic from
inspection, reducing latency and avoiding potential conflicts with Office 365 services.
The study guide clarifies that this rule helps balance security with seamless cloud application usage.
The Forwarding Profile defines which of the following?
A
Explanation:
The Forwarding Profile in Zscaler defines the fallback methods and behavior when a DTLS tunnel
cannot be established. This profile governs how traffic should be forwarded if the preferred DTLS
(Datagram Transport Layer Security) tunnel fails, ensuring continuity by falling back to alternative
methods such as TLS or other configured options. It is critical to maintaining secure and resilient
connectivity paths for traffic forwarding.
The study guide clarifies that this forwarding profile specifically addresses DTLS fallback behavior to
maintain session reliability.
What is the default timer in ZDX Advanced for web probes to be sent?
D
When configuring a ZDX custom application and choosing Type: 'Network' and completing the
configuration by defining the necessary probe(s), which performance metrics will an administrator
NOT get for users after enabling the application?
D
Explanation:
When a ZDX custom application is configured with the type set to 'Network', the administrator will
not get Disk I/O metrics for users. Disk I/O metrics relate to local client device performance and are
not part of network-type application probes, which focus on network latency, server response, and
other network-centric measurements.
The study guide notes that Disk I/O is part of endpoint-level monitoring and is not collected by
network-type probes, unlike metrics such as Server Response Time or ZDX Score, which are
network-related.