Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Netskope NSK300 Dumps Questions Answers

Page: 1 / 6
Total 81 questions

Netskope Certified Cloud Security Architect Exam Questions and Answers

Question 1

Your client is an NG-SWG customer. They are going to use the Explicit Proxy over Tunnel (EPoT) steering method. They have a specific list of domains that they do not want to steer to the Netskope Cloud.

What would accomplish this task?

Options:

A.

Define exception domains in the PAC file.

B.

Define exceptions in the Netskope steering configuration

C.

Create a real-time policy with a bypass action.

D.

Use an SSL decryption policy.

Buy Now
Question 2

You want customers to configure Real-time Protection policies. In which order should the policies be placed in this scenario?

Options:

A.

Threat, CASB, RBI, Web

B.

RBI, CASB, Web, Threat

C.

Threat, RBI, CASB, Web

D.

CASB, RBI, Threat, Web

Question 3

You do not want a scheduled Advanced Analytics dashboard to be automatically updated when Netskope makes improvements to that dashboard. In this scenario, what would you do to retain the original dashboard?

Options:

A.

Create a new dashboard from scratch that mimics the Netskope dashboard you want to use.

B.

Copy the dashboard into your Group or Personal folders and schedule from these folders.

C.

Ask Netskope Support to provide the dashboard and import into your Personal folder.

D.

Download the dashboard you want and Import from File into your Group or Personal folder.

Question 4

Review the exhibit.

MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH. The destination is not reachable. Contact your IT administrator with the following error.

A Netskope user reports receiving an error when trying to reach an application hosted by a trusted partner. Referring to the exhibit, what are two ways to solve this problem? (Choose two.)

Options:

A.

Configure the Netskope tenant to Bypass Self Signed Server Certificate errors.

B.

Add the trusted partner’s signing certificate to the local machine.

C.

Create an SSL Decrypt rule to bypass the destination website.

D.

Configure the Netskope tenant to Bypass Host MisMatch errors.

Question 5

You are architecting a Netskope steering configuration for devices that are not owned by the organization The users could be either on-premises or off-premises and the architecture requires that traffic destined to the company ' s instance of Microsoft 365 be steered to Netskope for inspection.

How would you achieve this scenario from a steering perspective?

Options:

A.

Use IPsec and GRE tunnels.

B.

Use reverse proxy.

C.

Use explicit proxy and the Netskope Client

D.

Use DPoP and Secure Forwarder

Question 6

A recent report states that users are using non-sanctioned Cloud Storage platforms to share data Your CISO asks you for a list of aggregated users, applications, and instance IDs to increase security posture

Which Netskope tool would be used to obtain this data?

Options:

A.

Advanced Analytics

B.

Behavior Analytics

C.

Applications in Skope IT

D.

Cloud Confidence Index (CCI)

Question 7

You are the network architect for a company using Netskope Private Access. Multiple users are reporting that they are unable to access an application using Netskope Private Access that was working previously. You have verified that the Real-time Protection policy allows access to the application, private applications are steered for the users, and the application is reachable from internal machines. You must verify that the application is reachable through Netskope Publisher

In this scenario, which two tools in the Netskope UI would you use to accomplish this task? (Choose two.)

Options:

A.

Reachability Via Publisher in the App Definitions page

B.

Troubleshooter tool in the App Definitions page

C.

Applications in Skope IT

D.

Clear Private App Auth under Users in Skope IT

Question 8

Users in your network are attempting to reach a website that has a self-signed certificate using a GRE tunnel to Netskope. They are currently being blocked by Netskope with an SSL error. How would you allow this traffic?

Options:

A.

Configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

B.

Configure a Real-time Protection policy with the action set to Allow.

C.

Set the No SNI setting in Netskope to Bypass.

D.

Ensure that the users add the self-signed certificate to their local certificate store.

Question 9

You are asked to ensure that a Web application your company uses is both reachable and decrypted by Netskope. This application is served using HTTPS on port 6443. Netskope is configured with a default Cloud Firewall configuration and the steering configuration is set for All Traffic.

Which statement is correct in this scenario?

Options:

A.

Create a Firewall App in Netskope along with the corresponding Real-time Protection policy to allow the traffic.

B.

Nothing is required since Netskope is steering all traffic.

C.

Enable " Steer non-standard ports " in the steering configuration and add the domain and port as a new non-standard port

D.

Enable " Steer non-standard ports " in the steering configuration and create a corresponding Real-time Protection policy to allow the traffic

Question 10

Review the exhibit.

You work for a medical insurance provider. You have Netskope Next Gen Secure Web Gateway deployed to all managed user devices with limited block policies. Your manager asks that you begin blocking Cloud Storage applications that are not HIPAA compliant Prior to implementing this policy, you want to verify that no business or departmental applications would be blocked by this policy.

Referring to the exhibit, which query would you use in the Edit Widget window to narrow down the results?

Options:

A.

app-ccl-compliance-cert neq ' HIPAA ' and category eq ' Cloud Storage '

B.

Cloud Confidence Compliance neq HIPAA and Cloud Confidence Category is Cloud Storage

C.

SELECT application WHERE ' HIPAA ' NOT IN app-cci-compliance AND WHERE ' Cloud Storage ' IN category

D.

app-compliance does not contain HIPAA and category must equal Cloud Storage

Question 11

You are deploying the Netskope Client in a multi-user VDI environment and need to determine the command to deploy the MSI.

Which three parameters are required in this scenario? (Choose three.)

Options:

A.

mode=peruserconfig

B.

host=

C.

installmode=IDP

D.

token=

E.

autoupdate=on

Question 12

You are implementing Netskope Cloud Exchange in your company lo include functionality provided by third-party partners. What would be a reason for using Netskope Cloud Risk Exchange in this scenario?

Options:

A.

to ingest events and alerts from a Netskope tenant

B.

to feed SOC with detection and response services

C.

to map multiple scores to a normalized range

D.

to automate service tickets from alerts of interest

Question 13

Review the exhibit.

You installed Directory Importer and configured it to import specific groups ot users into your Netskope tenant as shown in the exhibit. One hour after a new user has been added to the domain, the user still has not been provisioned to Netskope.

What are three potential reasons for this failure? (Choose three.)

Options:

A.

Directory Importer does not support ongoing user syncs; you must manually provision the user.

B.

The server that the Directory Importer is installed on is unable to reach Netskope ' s add-on endpoint.

C.

The user is not a member of the group specified as a filter

D.

Active Directory integration is not enabled on your tenant.

E.

The default collection interval is 180 minutes, therefore a sync may not have run yet.

Question 14

Your organization ' s software deployment team did the initial install of the Netskope Client with SCCM. As the Netskope administrator, you will be responsible for all up-to-date upgrades of the client.

Which two actions would be required to accomplish this task? (Choose two.)

Options:

A.

In the Client Configuration, set Upgrade Client Automatically to Latest Release.

B.

Set the installmode-IDP flag during the original Install.

C.

Set the autoupdate-on flag during the original Install.

D.

In the Client Configuration, set Upgrade Client Automatically to Specific Golden Release.

Question 15

Review the exhibit.

AcmeCorp has recently begun using Microsoft 365. The organization is concerned that employees will start using third-party non-AcmeCorp OneDrive instances to store company data. The CISO asks you to use Netskope to create a policy that ensures that no data is being uploaded to non-AcmeCorp instances of OneDrive.

Referring to the exhibit, which two policies would accomplish this posture? (Choose two.)

Options:

A.

4

B.

3

C.

2

D.

1

Question 16

Your CISO asks that you to provide a report with a visual representation of the top 10 applications (by number of objects) and their risk score. As the administrator, you decide to use a Sankey visualization in Advanced Analytics to represent the data in an efficient manner.

In this scenario, which two field types are required to produce a Sankey Tile in your report? {Choose two.)

Options:

A.

Dimension

B.

Measure

C.

Pivot Ranks

D.

Period of Type

Question 17

Review the exhibit.

SelfSignedCert (self signed certificate in certificate chain) Blocked by SSL_SELF_SIGNED. The destination is not reachable. Contact your IT administrator with the following error.

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company’s internal certificate authority for SSL certificates. Which three statements describe ways to solve this issue? (Choose three.)

Options:

A.

Create a Real-time Protection policy to allow access.

B.

Instruct the user to proceed past the error message.

C.

Bypass SSL inspection for the affected site(s).

D.

Change the SSL Error Settings from Block to Bypass in the Netskope UI.

E.

Import the root certificate for your internal certificate authority into Netskope.

Question 18

You are asked to create a customized restricted administrator role in your Netskope tenant for a newly hired employee. Which two statements are correct in this scenario? (Choose two.)

Options:

A.

An admin role prevents admins from downloading and viewing file content by default.

B.

The scope of the data shown in the UI can be restricted to specific events.

C.

All role privileges default to Read Only for all functional areas.

D.

Obfuscation can be applied to all functional areas.

Question 19

You built a number of DLP profiles for different sensitive data types. If a file contains any of this sensitive data, you want to take the most restrictive policy action but also create incident details for all matching profiles.

Which statement is correct in this scenario?

Options:

A.

Create a Real-time Protection policy for each DLP profile; each matched profile will generate a unique DLP incident.

B.

Create a Real-time Protection policy for each DLP profile; all matched profiles will show up in a single DLP incident

C.

Create a single Real-time Protection policy and include all of the DLP profiles; each matched profile will generate a unique DLP incident

D.

Create a single Real-time Protection policy and include all of the DLP profiles; all matched profiles will show up in a single DLP incident.

Question 20

You are asked to create a Quarantine repository in your Netskope tenant. Which statement is correct in this scenario?

Options:

A.

A Forensic profile must exist to restore a false positive.

B.

Encryption must be configured within the Quarantine profile.

C.

A customer-provided Tombstone file must be uploaded to the tenant.

D.

A Quarantine Instance type must exist for a supported SaaS application.

Question 21

Review the exhibit.

You are attempting to block uploads of password-protected files. You have created the file profile shown in the exhibit.

Where should you add this profile to use in a Real-time Protection policy?

Options:

A.

Add the profile to a DLP profile that is used in a Real-time Protection policy.

B.

Add the profile to a Malware Detection profile that is used in a Real-time Protection policy.

C.

Add the profile directly to a Real-time Protection policy as a Constraint.

D.

Add the profile to a Constraint profile that is used in a Real-time Protection policy.

Question 22

You need to monitor the health of configured IPsec or GRE tunnels.

In this scenario, which two methods are supported by Netskope to accomplish this task? (Choose two.)

Options:

A.

Use Layer 4 health checks.

B.

Use Dead Peer Detection.

C.

Use ICMP keepalive probing.

D.

Use Netskope Trust Portal.

Question 23

Review the exhibit.

A user has attempted to upload a file to Microsoft OneDrive that contains source code with Pll and PCI data.

Referring to the exhibit, which statement is correct?

Options:

A.

The user will be blocked and a single Incident will be generated referencing the DLP-PCI profile.

B.

The user will be blocked and a single Incident will be generated referencing all of the matching DLP profiles

C.

The user will be blocked and a separate incident will be generated for each of the matching DLP profiles.

D.

The user will be alerted and a single incident will be generated referencing the DLP-PII profile.

Question 24

A hospital has a patient form that they share with their patients over Gmail. The blank form can be freely shared among anyone. However, if the form has any information filled out. the document is considered confidential.

Which rule type should be used in the DLP profile to match such a document?

Options:

A.

Use fingerprint classification.

B.

Use a dictionary rule for all your patient names.

C.

Use Exact Match with patient names

D.

Use predefined DLP Rule(s) that match the patient name.

Page: 1 / 6
Total 81 questions