When a ZDX custom application is configured with the type set to'Network', the administratorwill not get Disk I/O metricsfor users. Disk I/O metrics relate to local client device performance and are not part of network-type application probes which focus on network latency, server response, and other network-centric measurements.

The study guide notes that Disk I/O is part of endpoint-level monitoring and is not collected by network-type probes, unlike metrics such as Server Response Time or ZDX Score which are network related.

ZscalerAdvanced FirewallsupportsDNS Tunnel and DNS Application Control, capabilities that are not available in the Standard Firewall. This enhances detection and control of DNS-based threats and allows granular enforcement over DNS queries and responses to prevent data exfiltration and command and control activities.

Yes, URL Filtering can make use of Cloud Browser Isolation. Specifically,“Isolate”is an available action in URL Filtering policies that enables users to access potentially risky or untrusted websites in an isolated environment, preventing any malicious content from reaching the user’s device.

The study guide explains that integrating Cloud Browser Isolation into URL Filtering enhances security by isolating risky browsing activities directly from policy enforcement points.

After the Zscaler Client Connector (ZCC) receives a valid SAML response,Zscaler Internet Access (ZIA)takes over to validate the SAML assertion. Upon successful validation, ZIA issues an authentication token that allows the user to access services securely. This centralized validation ensures authentication integrity and enables seamless policy enforcement across Zscaler services.

When a SAML Identity Provider (IdP) returns an assertion containing device attributes, these attributes are first consumed by theZero Trust Exchangecomponent. This component uses the device attributes for policy creation and enforcement decisions, integrating identity and device posture information to make dynamic access decisions.

Yes, theAccess Control suite includes controls for segmentation and conditional access, which are designed to prevent lateral movement within networks. These features allow organizations to restrict access between different segments and enforce policies that limit the spread of threats or unauthorized access within internal environments.

Certificate pinning prevents SSL interception by validating a server’s certificate against known values. When ZIA performs SSL inspection, it substitutes the certificate with one signed by Zscaler’s CA. This causes the handshake to fail for pinned applications. To troubleshoot, an administrator shouldreview SSL logs to identify handshake failures, which indicate certificate pinning issues. Logs will show the TLS negotiation details, including any disruptions.

Downloadersare a specific type of malware whose primary purpose is to download and install other malicious software onto a victim's machine. Unlike standalone threats, downloaders typically establish initial access and then retrieve payloads like ransomware, trojans, or spyware from a command and control server. Their role in the malware chain is fundamental for multi-stage attacks.

When creating SSL inspection policies,the exception policy for the specific URL category must appear firstin the policy list, followed by the more generic "inspect all" policy further down. Zscaler evaluates policies in order, so placing the exception first ensures that traffic matching that category bypasses inspection before the generic policy is applied.

The study guide emphasizes the importance of policy order to ensure correct application of exceptions and general rules.

Browser Isolationenables secure access to potentially malicious or untrusted websites by rendering web pages in a remote containerized environment. This isolates any harmful content away from the user’s device, ensuring safe browsing without compromising endpoint security. This approach is especially effective for unknown or risky URLs where traditional content filtering might be insufficient.

The recommended minimum number of App connectors to ensure resiliency in Zscaler Private Access is2. Having at least two App connectors provides redundancy, so if one connector fails or is unavailable, the other can continue to provide access without interruption. This recommendation is critical to maintaining high availability and fault tolerance for internal application access.

The study guide specifies this minimum to ensure continuity and reliability of application access through ZPA.

The Cloud Firewall includesDeep Packet Inspection (DPI)capabilities that detect protocol evasion techniques where applications try to communicate over non-standard ports to bypass firewall controls. Once detected, the traffic is sent to the appropriate inspection engines for further handling and mitigation. This ensures that evasive traffic does not bypass security controls.

Trusted Networksin Zscaler are defined using network-specific parameters such as DNS Server, Default Gateway, and Network Range, which are used to identify known internal networks. These properties help Zscaler Client Connector recognize when a device is on a corporate network.Org ID, however, is unrelated to the network characteristics and is instead associated with tenant identification in Zscaler’s cloud infrastructure.

To avoid prompting users with a cloud selection menu in the Zscaler Client Connector (ZCC), administrators shouldcustomize the MSI installation package with theCLOUDNAMEparameter. This setting ensures the ZCC automatically connects to the correct ZIA cloud instance without user intervention. The CLOUDNAME corresponds to the designated cloud name for the organization’s ZIA tenant, effectively bypassing the prompt. This is outlined under Zscaler's deployment and configuration instructions for ZCC.

AZIA Sublocationis defined as a subsection of a corporate Location that is used to separate different types of traffic, such as traffic from employees versus guest traffic. This segmentation allows granular application of policies and better control over different user groups within the same corporate location. Sublocations help in organizing and managing traffic flows for better policy enforcement and reporting.