Zscaler Interview questions and answers
Q1- What is Zscaler
Ans -
Zscaler provides the technology and expertise to guide and secure organizations on their digital transformation journeys. It helps them move away from appliance-based network and security infrastructure models, replacing traditional inbound and outbound gateways with modern cloud-delivered services built for today’s business.
Q2 - How many deployment models are available?
Ans - We can deploy Zscaler using two methods -
1- IPSEC VPN
2- GRE Tunnel
1- IPSEC VPN -
A VPN connection is configured to the “Zscaler Cloud Security Platform”. Using IPSec allows dynamic WAN addresses on the client side.
2- GRE Tunnel-
You can self-provision your GRE tunnels to connect to the Zscaler service via the ZIA Admin Portal.
Q3 - Difference between Tunnel 1.0 and Tunnel 2.0
Ans -
Tunnel 1.0 -
Z-Tunnel 1.0 forwards traffic to the Zscaler cloud via CONNECT requests, much like a traditional proxy. Version 1.0 sends all proxy-aware traffic or port 80/443 traffic to the Zscaler service, depending on the forwarding profile configuration.
Tunnel 2.0 -
Z-Tunnel 2.0 has a tunneling architecture that uses DTLS or TLS to send packets to the Zscaler service. Because of this, Z-Tunnel 2.0 is capable of sending all ports and protocols.
To use Z-Tunnel 2.0, follow the points below -
- Deploy Zscaler Client Connector 2.0.1 (and later) to your users.
- Select Z-Tunnel 2.0 when configuring a forwarding profile with Tunnel mode and the packet filter driver is enabled.
- Configure bypasses for Z-Tunnel 2.0 in Zscaler Client Connector profile. To learn more, see Best Practices for Adding Bypasses for Z-Tunnel 2.0.
Tunnel with Local Proxy --
In Tunnel with Local Proxy mode, Zscaler Client Connector sets proxy settings on user devices so that all proxy-aware traffic is tunneled to Zscaler. The app does this by automatically installing a PAC file on the system to force all traffic to go to the local host.
Enforce Proxy --
The Enforce option is selected by default and cannot be changed. This option allows Zscaler Client Connector to enforce your proxy settings by monitoring for network changes and reapplying settings. Zscaler Client Connector also ensures that users cannot tamper with their proxy settings:
- Automatically Detect Settings
- Use Automatic Configuration Scripts
- Use Proxy Server for Your LAN
Q6- What is a PAC file in Zscaler
Ans -
A proxy auto-configuration (PAC) file is a text file that instructs a browser to forward traffic to a proxy server, instead of directly to the destination server. It contains JavaScript that specifies the proxy server and optionally, additional parameters that specify when and under what circumstances a browser forwards traffic to the proxy server. For example, a PAC file can specify on what days of the week or what hours of the day traffic is sent to a proxy, or for which domains and URLs traffic is not sent to a proxy.
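The PAC behaviour described above, as an added example that is not taken from Zscaler or from the original page: a `FindProxyForURL` function that bypasses the proxy for listed domains and proxies only during a weekday time window. The proxy address, the bypass domains and the helper names `hostInDomain` and `decide` are constructed for illustration; production PAC files usually use the browser's built-in helpers (`dnsDomainIs`, `weekdayRange`, `timeRange`), which are replaced here with plain JavaScript so the logic runs outside a browser.

```javascript
// Added example. Proxy address and bypass domains are constructed placeholders.
var PROXY = "PROXY proxy.example.net:8080";
var BYPASS_DOMAINS = ["intranet.example.com", "example.org"];

// True only for the domain itself or a subdomain of it. Matching on the
// label boundary matters: a plain suffix test would also bypass the proxy
// for "notexample.org".
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

// Decision logic, with the clock passed in so the result can be checked.
function decide(url, host, now) {
  // Single-label names (no dot) are local hosts: never send them to the proxy.
  if (host.indexOf(".") === -1) return "DIRECT";

  // Domains for which traffic is not sent to the proxy.
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (hostInDomain(host, BYPASS_DOMAINS[i])) return "DIRECT";
  }

  // Proxy on weekdays (Mon-Fri) between 08:00 and 18:00 local time.
  var day = now.getDay();
  var hour = now.getHours();
  var inWindow = day >= 1 && day <= 5 && hour >= 8 && hour < 18;
  return inWindow ? PROXY : "DIRECT";
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return decide(url, host, new Date());
}
```

Every branch that returns `DIRECT` sends traffic around the proxy and its policies, so those branches are the ones to review when auditing a PAC file.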
Q6 - What is Surrogate IP in Zscaler -
Ans -
In some deployments from known locations, you can enable the Zscaler surrogate IP service to map a user to a private IP address so it applies the user's policies, instead of the location's policies, to traffic that it cannot authenticate.
Surrogate IP is used in the cases below -
- Applications that do not support cookies, such as Google Earth and Skydrive
- HTTPS transactions that are not decrypted
- Transactions that use unknown user agents
Q 12 - What is ZIA
Ans -
Zscaler Internet Access (ZIA) helps secure your internet and SaaS connections by delivering a complete secure stack as a service from the cloud. By moving security to a globally distributed cloud, Zscaler brings the Internet gateway closer to the user for a faster, more secure experience.
Q 13- What is Zscaler Client Connector -
Ans -
Installed on your users' devices, the Zscaler Client Connector connects to the ZPA cloud to enable granular, policy-based access to your organization’s internal resources.
Zscaler Client Connector can also forward your users' traffic to the Zscaler cloud to secure their internet traffic.
Q 14- How many authentication methods are available in Zscaler?
Ans - There are seven supported authentication methods:
- Identity Federation Using SAML
- Kerberos Authentication
- Directory Server Synchronization
- Zscaler Authentication Bridge
- One-Time Link
- One-Time Token
- Passwords
Q15 - Which is evaluated first, URL Filtering or Cloud App Control?
Ans -
By default, the Cloud App Control policy takes precedence over the URL Filtering policy.
Q16 - What is Admin Rank in URL filtering
Ans -
Enter a value from 0-7 (0 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own.
Q17- What are Known and Unknown locations in Zscaler?
Ans-
When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses; this is called a known location.
The rest of the traffic is treated as coming from an unknown location.
When the Zscaler service receives traffic, it checks whether the traffic is from a known location (a location that is configured on the ZIA Admin Portal), or from an unknown location (remote user traffic). If the traffic is from a known location, the service processes the traffic based on the location settings.
Example:-
The service checks whether the location has authentication enabled and proceeds accordingly. It also applies any location policies that you configure and logs Internet activity by location.
We will add more questions later