Zscaler ZDTE 시험

Question No : 1

A script will update ZPA application segments in production.
What is the best least-privilege choice for the API client?

• A.Multiproduct admin client access scope broad
• B.ZPA read only scope
• C.ZPA policy write scope
• D.ZPA app segment write scope

답을 확인하기

정답:

Question No : 2

A service-edge brownout alert is desired. The tenant shows 180 impacted devices across six sites, but the incident view does not promote to an outage. Two small branches report impact, however four large hubs do not.
What change aligns with the design intent?

• A.Add more end-user probes to reach higher sample volume
• B.Increase global minimum count to reduce duplicate incidents
• C.Widen alert scope to tenant level to merge events across locations for faster paging
• D.Tune local thresholds to site population

답을 확인하기

정답:

Question No : 3

An internal ZPA app serves 300 users. Goal: app timing from real users with low probe load and low noise.
Which probe plan fits?

• A.End User Cloud Path probes for packet loss trend
• B.End User Web plus Hosted Web across regions
• C.Hosted Web probes for broad sites
• D.Scoped End User Web probes for actual user group

답을 확인하기

정답:

Question No : 4

A media firm hires contractors on unmanaged laptops. No client install is allowed. They need ZIA inspection for SaaS over HTTP/HTTPS. Some tools use custom ports that the firm cannot change.
What should the team do to send traffic to Zscaler?

• A.Force GRE sessions from each host using dynamic DNS names
• B.Require IPSec tunnels from home routers at contractor sites today
• C.Deploy PAC to steer web to ZIA
• D.Instruct contractors to add the client using mailed links now

답을 확인하기

정답:

Question No : 5

A rule must block media sites from 9am - 5pm local time in two regions. Policy is scoped to locations.
How should the time logic be set?

• A.Set each location time zone and scope the rule to them
• B.Let sublocations inherit time zone and scope by groups
• C.Set a single tenant time zone and scope the rule global
• D.Use device local time and scope by user group tags

답을 확인하기

정답:

Question No : 6

Users from home see long delay before fail. PAC returns proxy on port 9400. Path blocks 9400.
What mismatched design explains the delay?

• A.Host relies on private address space
• B.Return uses dynamic load tokens
• C.Return points to blocked port
• D.PAC uses shorter regex chains

답을 확인하기

정답:

Question No : 7

An application engineer sees a private web app load slowly in several sites. End User Cloud Path shows mild loss after the service edge. End user Web probes show long server response time while DNS is stable. Device health looks normal. The engineer wants to confirm whether the delay is app-side or network-side.
What probe placement confirms the source in this scenario?

• A.Activate a Hosted Web probe from cloud near app.
• B.Add more End User Cloud Path probes at current sites.
• C.Use reverse Cloud Path tests before forward-path checks today.
• D.Increase device health sampling on endpoints across affected sites.

답을 확인하기

정답:

Question No : 8

If a OneAPI client needs access to read the details of Private Application Connectors, how would it be configured to limit its scope to only access the needed API services?

• A.Configure an admin user in ZPA with the client secret created when adding the oneAPI client.
• B.Select a ZPA resource in the API Client settings that has the scope to read the ZPA configuration.
• C.Add the oneAPI client to a ZPA administrators group that has read-only permissions.
• D.Configure a Postman collection that only includes the ZPA enpoints needed.

답을 확인하기

정답:

Question No : 9

Support team reports that a specific user group is getting inconsistent forwarding behevior: the system proxy is manged by Zscaler Client Connector and should evaluate the App Profile PAC, yet the engineer reviewed findings against a prowser/system PAC instead.
Which analysis mistake most likely produced the mismatched conclusions?

• A.Troubleshoot the wrong PAC type
• B.Tune regex for shorter code
• C.Validate the copied source PAC snippet
• D.Add broad DIRECT bypass rules

답을 확인하기

정답:

Question No : 10

During a ZPA review, an engineer sees Recent Applications Accessed climbing while Discovered Applications stays flat. Current Connected Users appears calm, but a custom time window is applied.
What next step validates whether attempts are outpacing successes?

• A.Increase application segment scope
• B.Align dashboard time ranges
• C.Disable Browser Access preflight
• D.Rebuild connector server group

답을 확인하기

정답:

Question No : 11

A latency alert uses a fixed 200 ms threshold across regions and apps. Sites with higher normal variance see frequent false alerts.
What change reflects leading practice?

• A.Tie action to user score drop across sites globally levels
• B.Add more recipients and create additional email channels today
• C.Use baseline deviation per location group with time window
• D.Lower static threshold and widen scope to regions broadly planned

답을 확인하기

정답:

Question No : 12

A ZIA audit shows a PAC deployment occurred before users began reporting failed web access, and the engineer needs proof that access was impacted during the complaint window.
What will provide session-level confirmation?

• A.Dashboard widget counts
• B.Reroll PAC to prior version
• C.Transaction log evidence
• D.Monthly posture report findings

답을 확인하기

정답:

Question No : 13

A firm is starting ZIA DLP on uploads to cloud apps.
How should the team set up and enable policy to avoid blind spots and noise?

• A.Enable TLS inspection, use monitor rules with auditing, and then enforce
• B.Create narrow allow rules first and turn off CASB visibility
• C.Begin with broad block rules and raise match counts, then add TLS later
• D.Enable TLS inspection, begin with block rules and high thresholds before forwarding traffic.

답을 확인하기

정답:

Question No : 14

ZCC device health is low and the ZDX score dips during a short window. Audit logs show no relevant change.
What action should be taken based on this monitoring?

• A.Correlate telemetry and open incident
• B.Push scripted remediation to devices
• C.Roll back recent policy across tenants
• D.Raise policy enforcement and block apps

답을 확인하기

정답:

Question No : 15

A team runs an internal tool over HTTPS-like traffic on TCP/8443 and TCP/9443. They need URL-based controls and prompts to apply. Testing shows flows are treated as non-web and bypass web rules.
What should the engineer change to meet the requirement?

• A.Map the ports as custom web ports and test proxy path
• B.Allow the HTTPS network app for the tool group
• C.Block the host by a DNS domain list
• D.Raise IPS sensitivity for port 443 traffic

답을 확인하기

정답: