Zscaler ZDTA - Zscaler Digital Transformation Administrator Exam
Page: 1 / 29
Total 143 questions
Question #1 (Topic: Exam A)
Within ZPA, the mapping relationship between Connector Groups and Server Groups can best be defined as which of the following?
A. Server Groups are configured for Dynamic Server Discovery so that mapped Connector Groups can then DNS resolve individual application Segment Groups.
B. Connector Groups are configured for Dynamic Server Discovery so that mapped Server Groups can DNS resolve and advertise the applications.
C. Connector Groups are configured for Dynamic Server Discovery so that ZPA can steer traffic through the appropriate Server Group.
D. Server Groups are configured for Dynamic Server Discovery so that mapped Connector Groups can DNS resolve and make health checks toward the application.
Answer: D
Question #2 (Topic: Exam A)
A user has opened a support case to complain about poor user experience when trying to manage their AWS resources. How could a helpdesk administrator get a useful root cause analysis to help isolate the issue in the least amount of time?
A. Check the Zscaler Trust page for any indications of cloud outages or incidents that would be causing a slowdown.
B. Check the user's ZDX score for a period of low score for AWS and use Analyze Score to get the ZDX Y-Engine analysis.
C. Do a Deep Trace on the user's traffic and check for excessive DNS resolution times and other slowdowns.
D. Initiate a packet capture from Zscaler Client Connector and escalate the case to have the trace analyzed for root cause.
Answer: B
Question #3 (Topic: Exam A)
How do Access Policies relate to the Application Segments and Application Segment Groups?
A. When a condition is met, an Access Policy can either allow or block access to Application Segments OR Application Segment Groups.
B. When a condition is met, an Access Policy can allow access to Application Segments Groups and block access to Application Segment.
C. When a condition is met, an Access Policy can either allow or block access to Application Segments and Application Segment Groups.
D. When a condition is met, an Access Policy can allow access to Application Segments and block access to Application Segment Groups.
Answer: C
Question #4 (Topic: Exam A)
As technology that exists for a very long period of time, has URL Filtering lost its effectiveness?
A. URL Filter is the most commonly used web filtering technique in the arsenal. It acts as first line of defense.
B. In a modern cloud world, access to all Internet sites and cloud applications should be granted by default. URL Filtering is no longer needed.
C. URL Filtering has been replaced by CASB functionality through blocking access to all Internet sites and only allowing a few corporate applications.
D. URL Filtering is outdated and no longer needed. The rise of HTTPS leads renders URL Filtering ineffective as all traffic is encrypted.
Answer: A
Question #5 (Topic: Exam A)
You need to SSL inspect all traffic but one specific URL category. You decide to create two policies, one to inspect all traffic and another one to bypass the specific category. What is the logical sequence in which they have to appear in the list?
A. Both policies are incompatible, so it is not possible to have them together.
B. First the policy for the generic "inspect all", then further down the list the policy for the exception Category.
C. First the policy for the exception Category, then further down the list the policy for the generic "inspect all."
D. All policies both generic and specific will be evaluated so no specific order is required.
Answer: C
