Zscaler for Users- Engineer (EDU-202)

Engineers, delivery consultants and architects

COURSE SUMMARY

In this course, you will go beyond your initial deployment and provisioning to learn about advanced configuration of the identity, platform services, connectivity, access control, digital experience monitoring, security, and data protection services of the Zscaler Zero Trust Exchange. You will also learn about risk management and Zscaler Zero Trust Automation.

Learning Outcomes

icon_architecture
Discuss the architecture of the Zscaler platform, including its global scale, additional capabilities offered, and API infrastructure
icon_connectivity
Configure advanced connectivity options such as Browser Access, SD-WAN, Client Connector, Branch Connector, and Cloud Connector
icon_cybersecurity
Configure advanced cybersecurity services and Zscaler Digital Experience for applications, call quality monitoring, probes, diagnostics, alerts, and role-based administration

Course Outline

Zscaler for Users - Engineer Overview

  • Recap of Zscaler for Users – Administrator (EDU-200)
  • Introduction to Zscaler for Users – Engineer (EDU-202)

Zscaler Architecture

  • Multitenant Cloud Security Architecture
  • Architecture Deep Dive
  • ZIA, ZPA, ZDX, and ZIdentity Architecture Overview
  • Additional Capabilities
  • Zscaler API Architecture

Identity Services

  • Essentials of ZIdentity Authentication
  • Configuring Authentication Levels, Methods, and Types
  • ZIdentity Integration
  • ZIdentity Policies

Connectivity Services

  • Zscaler Client Connector – Tunnel Mode
  • GRE Tunnel Options
  • IPsec Tunnel Options
  • Forwarding Profile PAC vs App Profile PAC
  • Zscaler Branch Connector
  • Zscaler Cloud Connector
  • Browser Access
  • Configuring Browser 
  • Access and User Portals
  • Privileged Remote Access
  • Configuring Privileged Remote Access
  • SD-WAN / Any Router

Platform Services

  • Zscaler Private Service Edges
  • ZPA Private Service Edge
  • ZIA Private Internet Service Edge
  • Traffic Forwarding – Source IP Anchoring
  • Policy Framework
  • Analytics & Reporting

Access Control Services

  • Firewall
  • DNS Control
  • DNS Configuration Use Cases & Best Practices
  • Zscaler DNS Policy Demonstration
  • Tenant Restrictions
  • Zscaler Tenant Restrictions Demonstration
  • Cloud App Instances / Cloud App Control Policy
  • Segmentation & Conditional Access Through Policies
  • Access Control Services Configuring Private Application Access
  • Segmentation

Cyberthreat Protection Services

  • Recap from Cyberthreat Protection Services: Course 6 of 10 (EDU-200)
  • Advanced Threat Protection
  • Intrusion Prevention System (IPS)
  • Cloud Sandbox
  • Cloud Sandbox Policies
  • Browser Isolation
  • Setting Up Zero Trust Threat Isolation
  • Zscaler Browser Isolation
  • Browser Isolation Configuration
  • Private Access AppProtection Video 1
  • Private Access AppProtection Video 2
  • Private Access AppProtection Configuration 
  • Zscaler Deception Introduction
  • Zscaler Deception Workflow
  • Set up a Zscaler Deception Campaign
  • Zscaler ITDR
  • Zscaler ITDR Demo

Data Protection Services

  • Secure Data in Motion
  • Secure SaaS Data
  • Secure Cloud Data and Endpoint Data
  • Secure SaaS Access from BYOD
  • Incident Management

Risk Management

  • What Is Risk Management?
  • Risk Management Process
  • Risk360 – Risk Quantification Visualization Framework
  • Contributing Factors to Organizational Risk Score
  • Investigate Workflows Using Risk360
  • Exclude/Include Risk Factors
  • Exclude/Include Entity Contributing to the Risk Factors
  • Annotated Risk Score Trend Chart
  • Alerts
  • Mapping to Security Risk Framework
  • Financial Analysis
  • Data Fabric for Security
  • Unified Vulnerability Management
  • Deception: Architecture and Use Cases
  • ITDR Posture
  • EASM
  • Breach Predictor

Zscaler Digital Experience

  • Introduction to ZDX
  • ZDX Metrics
  • Probe
  • Configuring Probes
  • Diagnostics
  • Configuring Diagnostics
  • Alerts
  • Configuring Alerts
  • Device Software and Process Inventory
  • Configuring Applications
  • Integration with Intune
  • Integration with Service Now
  • Configuring Call Quality Monitoring
  • Configuring Self Service Settings
  • Configuring Data Explorer
  • Configuring Inventory Settings in ZDX
  • Role-Based Administration
  • Configuring RBAC
  • ZDX Dashboard
  • Analytics
  • Hosted Monitoring
  • Visualization and Reporting
  • AI Influence in ZDX
  • ZDX: Workflow Automation Integration

Zscaler Zero Trust Automation

  • Recap of EDU-200
  • Legacy Automation Architecture
  • Zscaler Zero Trust Automation Framework
  • Components of OneAPI
  • Configuring OneAPI
  • Sample API Call Using OneAPI

Hands-On Lab Details

Prerequisites

Complete all Zscaler for Users – Engineer e-learning

Proficiency

Advanced

Description

The Zscaler Digital Transformation Engineer certification exam is the final step in the Zscaler for Users - Engineer (EDU-202) learning path. Certification supports the journey of security professionals to validate their understanding of deploying and implementing the Zscaler zero trust platform.

Duration

2 days | 12 hours

Type

Instructor-Led Training (ILT)

Completion criteria

Complete all lab exercises

Available language

English

Price per seat

US$1,200 (4 EDU credits)

Lab Outline

Lab 1: Connect to the Virtual

  • Task 1.1: Test Your Lab Access and Start Your Environment
  • Task 1.2: Signing into ZIdentity Landing Page
  • Task 1.3: Verify Lab Access

Lab 2: Configuring Admin Sign-On Policy and Password Policy

  • Task 2.1: Create IP Location for Admin Sign-On Policy
  • Task 2.2: Add Admin Sign-On Policy to Deny Access to IP Location
  • Task 2.3: Verify Deny Access for IP Location
  • Task 2.4: Create Custom Password Policy for Users
  • Task 2.5: Verify Password Policy by Creating a User Account

Lab 3: Connectivity Services–Configure Browser Access for 3rd Parties

  • Task 3.1: Provision App Connector
  • Info: Troubleshooting App Connector Enrollment
  • Task 3.2:  Create HVAC Application Web Server Certificate
  • Task 3.3: Create HVAC Application and Access Policy for Browser Access
  • Task 3.4: Create DNS CNAME Record for the HVAC Application
  • Task 3.5: Test Browser Access to the HVAC Application

Lab 4: Platform Services–Configure Log Streaming

  • Task 4.1: Provision Dedicated App Connector for Log Streaming
  • Task 4.2 : Add Log Receiver
  • Task 4.3: Add SSH Access to SIEM Server in Private Data Center
  • Task 4.4: Verify Log Feed

Lab 5: Access Control Services–Configure & Examine Firewall Policies

  • Task 5.1: Verify Client Connector Forwarding to Firewall
  • Task 5.2: Verify Tunnel Version v2.0 DTLS Forwarding on User's Device
  • Task 5.3: Test Non-Web Traffic with Firewall Default Block
  • Task 5.4: Configure Firewall Policies
  • Task 5.5: Examine Firewall Traffic
  • Task 5.6: Check Firewall Filtering Rule Log Data

Lab 6: Securing Access to Internet

  • Task 6.1: Configure SSL Inspection Policy & Verify SSL Decryption
  • Task 6.2: Threat Protection Configurations & Risk Reports

Lab 7: Cyberthreat Protection Services–Configure Sandbox File Inspection

  • Task 7.1: Configure Sandbox Policies
  • Task 7.2: View Sandbox Activity Report

Lab 8: Cyberthreat Protection Services–Browser Isolation

  • Task 8.1 Build Isolation Profile
  • Task 8.2 Implement Isolation Policy
  • Task 8.3: Add URL/Cloud App Isolate Control Policies

Lab 9: Cyberthreat Protection Services–Deception-Based Active Defense

  • Task 9.1: Generate Recon Activity
  • Task 9.2: Investigate Deception Alerts

Lab 10: Policy Enforcement with Unified DLP for Multi-Channel

  • Task 10.1: Protect PII Information in Unsearchable PDF/Documents for Data in Motion

Lab 11: Manage Incidents with Zscaler Workflow Automation (ZWA)

  • Task 11.1: Enroll with Zscaler Client Connector
  • Task 11.2: View Current DLP Incidents
  • Task 11.3: Modify Incident Metadata
  • Task 11.4: Test User Notification/Coaching & Escalation Workflow
  • Task 11.5: Configure Automated Workflows

Lab 12: BYOD with User 2.0 Portal

  • Task 12.1: Test Conditional Access Restrictions When Not Connecting Through Zscaler
  • Task 12.2: Connecting to Sanctioned SaaS Apps from User 2.0 Portal

Lab 13: Analyzing Risk with MITRE ATT&CK and NIST CSF

  • Task 13.1: Analyzing Risk MITRE ATT&CK Framework
  • Task 13.2: Analyzing Risk with NIST CSF

Lab 14: Understanding Orchestrate in Deception Portal

  • Task 14.1: Explore Orchestrate Menu in Deception Dashboard

Lab 15: Configuring Cloud Applications Monitoring

  • Task 15.1: Configure a Custom Application
  • Task 15.2: Create a Custom Probe

Lab 16: Zscaler Digital Experience–Configure Alerts & Diagnostics

  • Task 16.1: Create an Alert Rule
  • Task 16.2: Configure a Diagnostic Session

Lab 17: Configuring Role-Based Administration

  • Task 17.1: Creating ZDX Role
  • Task 17.2: Creating ZDX Admin and Apply the Role

Lab 18: Adding API Clients

  • Task 18.1: Adding API Clients
  • Task 18.2: Testing API Endpoint Using POSTMAN
  • Task 18.3: Adding APP Connector Group Using OneAPI Endpoint

Certificate Exam Details

Prerequisites

Zscaler for Users - Engineer e-learning; ILT lab

Duration

90 minutes

Test format

60 multiple-choice questions

Available language(s)

English

Price per attempt

US$300 (1 EDU credit)

Access Cyber Academy

Jump into Zscaler Cyber Academy

For any other inquiries, please reach out to training@zscaler.com.