In this scenario, which configuration change would accomplish this task?

You just deployed the Netskope client in Web mode and several users mention that their messenger application is no longer working. Although you have a specific real-time policy that allows this application, upon further investigation you discover that it is using proprietary encryption. You need to permit access to all the users and maintain some visibility.

In this scenario, which configuration change would accomplish this task?
A . Change the real-time policy to block the messenger application.
B . Create a new custom cloud application using the custom connector that can be used in the real-time policy.
C . Add a policy in the SSL decryption section to bypass the messenger domain(s).
D . Edit the steering configuration and add a steering exception for the messenger application.

View Answer

Answer: C

Explanation:

In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility.

Reference: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 4: Decryption Policy.