Question #1
You investigate a suspected malware incident and confirm that it was a false alarm.
- A . In this scenario, how would you prevent the same file from triggering another incident?
- B . Quarantine the file. Look up the hash at the VirusTotal website.
- C . Export the packet capture to a pcap file.
- D . Add the hash to the file filter.
Correct Answer: D
D
Explanation:
A file filter is a list of file hashes that you can use to exclude files from inspection by Netskope. By adding the hash of the file that triggered a false alarm to the file filter, you can prevent it from being scanned again by Netskope and avoid generating another incident. Quarantining the file, exporting the packet capture, or looking up the hash at VirusTotal are not effective ways to prevent the same file from triggering another incident, as they do not affect how Netskope handles the file.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 6: Data Loss Prevention, Lesson 2: File Filters.
D
Explanation:
A file filter is a list of file hashes that you can use to exclude files from inspection by Netskope. By adding the hash of the file that triggered a false alarm to the file filter, you can prevent it from being scanned again by Netskope and avoid generating another incident. Quarantining the file, exporting the packet capture, or looking up the hash at VirusTotal are not effective ways to prevent the same file from triggering another incident, as they do not affect how Netskope handles the file.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 6: Data Loss Prevention, Lesson 2: File Filters.
Question #2
Which two common security frameworks are used today to assess and validate a vendor’s security practices? (Choose two.)
- A . Data Science Council of America
- B . Building Security in Maturity Model
- C . ISO 27001
- D . NIST Cybersecurity Framework
Correct Answer: B, C
B, C
Explanation:
The Building Security in Maturity Model (BSIMM) is a framework that measures and compares the security activities of different organizations. It helps organizations to assess their current security practices and identify areas for improvement. ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and improving an information security management system. It helps organizations to manage their information security risks and demonstrate their compliance with best practices. Data Science Council of America (DASCA) is not a security framework, but a credentialing body for data science professionals. NIST Cybersecurity Framework (NIST CSF) is a security framework, but it is not commonly used to assess and validate a vendor’s security practices, as it is more focused on improving the cybersecurity of critical infrastructure sectors in the United States.
Reference: [BSIMM], [ISO 27001], [DASCA], [NIST CSF].
B, C
Explanation:
The Building Security in Maturity Model (BSIMM) is a framework that measures and compares the security activities of different organizations. It helps organizations to assess their current security practices and identify areas for improvement. ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and improving an information security management system. It helps organizations to manage their information security risks and demonstrate their compliance with best practices. Data Science Council of America (DASCA) is not a security framework, but a credentialing body for data science professionals. NIST Cybersecurity Framework (NIST CSF) is a security framework, but it is not commonly used to assess and validate a vendor’s security practices, as it is more focused on improving the cybersecurity of critical infrastructure sectors in the United States.
Reference: [BSIMM], [ISO 27001], [DASCA], [NIST CSF].
Question #3
You have applied a DLP Profile to block all Personally Identifiable Information data uploads to Microsoft 365 OneDrive. DLP Alerts are not displayed and no OneDrive-related activities are displayed in the Skope IT App Events table.
In this scenario, what are two possible reasons for this issue? (Choose two.)
- A . The Cloud Storage category is in the Steering Configuration as an exception.
- B . The destination domain is excluded from decryption in the decryption policy.
- C . A Netskope POP is not in your local country and therefore DLP policies cannot be applied.
- D . DLP policies do not apply when using IPsec as a steering option.
Correct Answer: AB
AB
Explanation:
If the Cloud Storage category is in the Steering Configuration as an exception, then Netskope will not steer any traffic to or from cloud storage applications, such as Microsoft 365 OneDrive, to its platform. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. Similarly, if the destination domain is excluded from decryption in the decryption policy, then Netskope will not decrypt any traffic to or from that domain, such as onedrive.com. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. The location of the Netskope POP or the use of IPsec as a steering option do not affect the application of DLP policies, as long as Netskope can steer and decrypt the relevant traffic.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 1: Steering Options and Lesson 2: Exceptions; Module 4: Decryption Policy, Lesson 1: Decryption Policy Overview and Lesson 2: Decryption Policy Configuration.
: https://www.bsimm.com/ : https://www.iso.org/isoiec-27001-information-security.html :
https://www.dasca.org/ : https://www.nist.gov/cyberframework
AB
Explanation:
If the Cloud Storage category is in the Steering Configuration as an exception, then Netskope will not steer any traffic to or from cloud storage applications, such as Microsoft 365 OneDrive, to its platform. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. Similarly, if the destination domain is excluded from decryption in the decryption policy, then Netskope will not decrypt any traffic to or from that domain, such as onedrive.com. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. The location of the Netskope POP or the use of IPsec as a steering option do not affect the application of DLP policies, as long as Netskope can steer and decrypt the relevant traffic.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 1: Steering Options and Lesson 2: Exceptions; Module 4: Decryption Policy, Lesson 1: Decryption Policy Overview and Lesson 2: Decryption Policy Configuration.
: https://www.bsimm.com/ : https://www.iso.org/isoiec-27001-information-security.html :
https://www.dasca.org/ : https://www.nist.gov/cyberframework
Question #4
A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?
- A . The customer has discovered a new SaaS application that is not yet rated in the CCI database.
- B . The customer’s organization places a higher business risk weight on vendors that claim ownership of their data.
- C . The customer wants to punish an application vendor for providing poor customer service.
- D . The customer’s organization uses a SaaS application that is currently listed as "under research".
Correct Answer: B
B
Explanation:
The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.
B
Explanation:
The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.
Question #5
What are two use cases for Netskope’s DLP solution? (Choose two.)
- A . to stop unintentional data movement
- B . to detect malware in files before they are uploaded to a cloud application
- C . to detect sensitive data in password protected files
- D . to ensure regulatory compliance
Correct Answer: A, D
A, D
Explanation:
Netskope’s DLP solution is a powerful tool that can help customers protect their sensitive data from unauthorized access, exposure, or loss. One use case for Netskope’s DLP solution is to stop unintentional data movement, such as accidental uploads, downloads, or sharing of confidential files or information to or from cloud applications. Another use case for Netskope’s DLP solution is to ensure regulatory compliance, such as GDPR, HIPAA, PCI-DSS, or other industry-specific standards that require data protection and privacy measures. Netskope’s DLP solution can help customers comply with these regulations by detecting and preventing data breaches, enforcing encryption policies, applying data retention rules, and generating audit reports. Detecting malware in files before they are uploaded to a cloud application or detecting sensitive data in password protected files are not use cases for Netskope’s DLP solution, as they are more related to threat protection or file inspection capabilities.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 6: Data Loss Prevention, Lesson 1: DLP Overview.
A, D
Explanation:
Netskope’s DLP solution is a powerful tool that can help customers protect their sensitive data from unauthorized access, exposure, or loss. One use case for Netskope’s DLP solution is to stop unintentional data movement, such as accidental uploads, downloads, or sharing of confidential files or information to or from cloud applications. Another use case for Netskope’s DLP solution is to ensure regulatory compliance, such as GDPR, HIPAA, PCI-DSS, or other industry-specific standards that require data protection and privacy measures. Netskope’s DLP solution can help customers comply with these regulations by detecting and preventing data breaches, enforcing encryption policies, applying data retention rules, and generating audit reports. Detecting malware in files before they are uploaded to a cloud application or detecting sensitive data in password protected files are not use cases for Netskope’s DLP solution, as they are more related to threat protection or file inspection capabilities.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 6: Data Loss Prevention, Lesson 1: DLP Overview.
Question #6
What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)
- A . as an endpoint for Netskope Private Access (NPA)
- B . as a local reverse-proxy to secure a SaaS application
- C . as a log parser to discover in-use cloud applications
- D . as a Secure Forwarder to steer traffic
Correct Answer: A, D
A, D
Explanation:
A Netskope Virtual Appliance is a software-based appliance that can be deployed on-premises or in the cloud to provide various functions and features for the Netskope Security Cloud platform. One use for deploying a Netskope Virtual Appliance is as an endpoint for Netskope Private Access (NPA), which is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. Another use for deploying a Netskope Virtual Appliance is as a Secure Forwarder to steer traffic from on-premises devices or networks to the Netskope platform for inspection and policy enforcement. Using a Netskope Virtual Appliance as a local reverse-proxy to secure a SaaS application or as a log parser to discover in-use cloud applications are not valid uses, as these functions are performed by other components of the Netskope Security Cloud platform, such as the Cloud Access Security Broker (CASB) or the Cloud XD engine.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 2: Architecture Overview; [Netskope Private Access]; [Netskope Secure Forwarder].
A, D
Explanation:
A Netskope Virtual Appliance is a software-based appliance that can be deployed on-premises or in the cloud to provide various functions and features for the Netskope Security Cloud platform. One use for deploying a Netskope Virtual Appliance is as an endpoint for Netskope Private Access (NPA), which is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. Another use for deploying a Netskope Virtual Appliance is as a Secure Forwarder to steer traffic from on-premises devices or networks to the Netskope platform for inspection and policy enforcement. Using a Netskope Virtual Appliance as a local reverse-proxy to secure a SaaS application or as a log parser to discover in-use cloud applications are not valid uses, as these functions are performed by other components of the Netskope Security Cloud platform, such as the Cloud Access Security Broker (CASB) or the Cloud XD engine.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 2: Architecture Overview; [Netskope Private Access]; [Netskope Secure Forwarder].
Question #7
You are working with a large retail chain and have concerns about their customer data. You want to protect customer credit card data so that it is never exposed in transit or at rest.
In this scenario, which regulatory compliance standard should be used to govern this data?
- A . SOC 3
- B . PCI-DSS
- C . AES-256
- D . ISO 27001
Correct Answer: B
B
Explanation:
PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices.
Reference: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].
B
Explanation:
PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices.
Reference: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].
Question #8
You need to block all users from uploading data files into risky collaboration applications.
Which element must you configure within Netskope’s CASB to accomplish this task?
- A . DLP Rule
- B . real-time policy
- C . DLP Profile
- D . block notification
Correct Answer: B
B
Explanation:
A real-time policy is a type of policy in Netskope’s CASB that allows you to control the actions that users can perform on cloud applications in real time. You can use a real-time policy to block all users from uploading data files into risky collaboration applications by specifying the following elements: the application category (such as Collaboration), the activity (such as Upload), the file type (such as Data), the risk level (such as High or Very High), and the action (such as Block). A DLP rule, a DLP profile, and a block notification are not sufficient to accomplish this task, as they are either sub-components or outcomes of a real-time policy.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 1: Real-Time Policy Overview and Lesson 2: Real-Time Policy Configuration.
B
Explanation:
A real-time policy is a type of policy in Netskope’s CASB that allows you to control the actions that users can perform on cloud applications in real time. You can use a real-time policy to block all users from uploading data files into risky collaboration applications by specifying the following elements: the application category (such as Collaboration), the activity (such as Upload), the file type (such as Data), the risk level (such as High or Very High), and the action (such as Block). A DLP rule, a DLP profile, and a block notification are not sufficient to accomplish this task, as they are either sub-components or outcomes of a real-time policy.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 1: Real-Time Policy Overview and Lesson 2: Real-Time Policy Configuration.
Question #9
Which three security controls are offered by the Netskope Cloud platform? (Choose three.)
- A . identity lifecycle management
- B . data loss prevention for SMTP
- C . cloud security posture management
- D . endpoint anti-malware
- E . threat protection
Correct Answer: BCE
BCE
Explanation:
Three security controls that are offered by the Netskope Cloud platform are:
C. cloud security posture management,
E. threat protection, and
B. data loss prevention for SMTP.
Cloud security posture management is a service that provides continuous assessment and remediation of public cloud deployments for risks, threats, and compliance issues. Netskope CSPM leverages the APIs available from cloud service providers such as AWS, Azure, and GCP to scan the cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted data, etc. Netskope CSPM also provides security posture policies, profiles, and rules that can be customized to match the security standards and best practices of the organization or industry.
Threat protection is a capability to detect and block malware, ransomware, phishing, and other cyber threats that may compromise cloud data or users. Netskope threat protection uses advanced techniques such as machine learning, sandboxing, threat intelligence, and behavioral analysis to identify and prevent malicious activities in real time. Netskope threat protection also integrates with third-party solutions such as antivirus engines, firewalls, SIEMs, etc., to provide comprehensive defense across the cloud and web1.
Data loss prevention for SMTP is a feature that allows you to protect sensitive data that is sent or received via email. Netskope DLP for SMTP can scan email messages and attachments for predefined or custom data patterns, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as block, quarantine, encrypt, notify, etc., based on the DLP policies. Netskope DLP for SMTP can also support multiple email domains and routing rules for different groups of users2.
BCE
Explanation:
Three security controls that are offered by the Netskope Cloud platform are:
C. cloud security posture management,
E. threat protection, and
B. data loss prevention for SMTP.
Cloud security posture management is a service that provides continuous assessment and remediation of public cloud deployments for risks, threats, and compliance issues. Netskope CSPM leverages the APIs available from cloud service providers such as AWS, Azure, and GCP to scan the cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted data, etc. Netskope CSPM also provides security posture policies, profiles, and rules that can be customized to match the security standards and best practices of the organization or industry.
Threat protection is a capability to detect and block malware, ransomware, phishing, and other cyber threats that may compromise cloud data or users. Netskope threat protection uses advanced techniques such as machine learning, sandboxing, threat intelligence, and behavioral analysis to identify and prevent malicious activities in real time. Netskope threat protection also integrates with third-party solutions such as antivirus engines, firewalls, SIEMs, etc., to provide comprehensive defense across the cloud and web1.
Data loss prevention for SMTP is a feature that allows you to protect sensitive data that is sent or received via email. Netskope DLP for SMTP can scan email messages and attachments for predefined or custom data patterns, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as block, quarantine, encrypt, notify, etc., based on the DLP policies. Netskope DLP for SMTP can also support multiple email domains and routing rules for different groups of users2.
Question #10
You want to use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for Business application to find sensitive content, enforce near real-time policy controls, and quarantine malware.
In this scenario, which primary function in the Netskope platform would you use to connect your application to Netskope?
- A . DLP forensics
- B . Risk Insights
- C . laaS API-enabled Protection
- D . SaaS API-enabled Protection
Correct Answer: D
D
Explanation:
SaaS API-enabled Protection is a primary function in the Netskope platform that allows customers to connect their sanctioned SaaS applications to Netskope using out-of-band API connections. This enables customers to find sensitive content, enforce near real-time policy controls, and quarantine malware in their SaaS applications without affecting user experience or performance. If you want to use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for Business application to achieve these goals, you should use SaaS API-enabled Protection as the primary function in the Netskope platform. DLP forensics, Risk Insights, and IaaS API-enabled Protection are not primary functions in the Netskope platform that can be used to connect your application to Netskope.
Reference: [Netskope SaaS API-enabled Protection].
D
Explanation:
SaaS API-enabled Protection is a primary function in the Netskope platform that allows customers to connect their sanctioned SaaS applications to Netskope using out-of-band API connections. This enables customers to find sensitive content, enforce near real-time policy controls, and quarantine malware in their SaaS applications without affecting user experience or performance. If you want to use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for Business application to achieve these goals, you should use SaaS API-enabled Protection as the primary function in the Netskope platform. DLP forensics, Risk Insights, and IaaS API-enabled Protection are not primary functions in the Netskope platform that can be used to connect your application to Netskope.
Reference: [Netskope SaaS API-enabled Protection].
Question #11
You need to create a service request ticket for a client-related issue using the Netskope client Ul.
In this scenario, you generate the client logs by right-clicking on the system tray icon and choosing
- A . Save logs
- B . Configuration
- C . Troubleshoot
- D . Help
Correct Answer: C
C
Explanation:
To create a service request ticket for a client-related issue using the Netskope client UI, you need to generate the client logs by right-clicking on the system tray icon and choosing Troubleshoot. This will open a window where you can select the option to Save Logs, which will create a zip file containing the client logs. You can then attach this file to your service request ticket and provide any relevant details about the issue. Choosing Save logs, Configuration, or Help will not generate the client logs, as they perform different functions, such as saving the current configuration, opening the settings menu, or opening the help page.
Reference: [Netskope Client Troubleshooting].
C
Explanation:
To create a service request ticket for a client-related issue using the Netskope client UI, you need to generate the client logs by right-clicking on the system tray icon and choosing Troubleshoot. This will open a window where you can select the option to Save Logs, which will create a zip file containing the client logs. You can then attach this file to your service request ticket and provide any relevant details about the issue. Choosing Save logs, Configuration, or Help will not generate the client logs, as they perform different functions, such as saving the current configuration, opening the settings menu, or opening the help page.
Reference: [Netskope Client Troubleshooting].
Question #12
What are two characteristics of Netskope’s Private Access Solution? (Choose two.)
- A . It provides protection for private applications.
- B . It provides access to private applications.
- C . It acts as a cloud-based firewall.
- D . It requires on-premises hardware.
Correct Answer: AB
AB
Explanation:
Netskope’s Private Access Solution is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. It provides protection for private applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It also provides access to private applications by creating a secure tunnel between the user’s device and the application’s server, regardless of their location or network. It does not act as a cloud-based firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of points of presence (POPs).
Reference: [Netskope Private Access].
AB
Explanation:
Netskope’s Private Access Solution is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. It provides protection for private applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It also provides access to private applications by creating a secure tunnel between the user’s device and the application’s server, regardless of their location or network. It does not act as a cloud-based firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of points of presence (POPs).
Reference: [Netskope Private Access].
Question #13
You are required to mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website. Users need to access websites from a variety of categories, including new websites.
Which two actions would help you accomplish this task while allowing the user to work? (Choose two.)
- A . Allow the user to browse uncategorized domains but restrict edit activities.
- B . Block malware detected on download activity for all remaining categories.
- C . Block known bad websites and enable RBI to uncategorized domains.
- D . Allow a limited amount of domains and block everything else.
Correct Answer: B, C
B, C
Explanation:
To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope’s threat protection features to block or isolate potentially harmful web traffic.
Two actions that would help you accomplish this task while allowing the user to work are:
block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user’s productivity or expose them to unknown risks.
Reference: [Netskope Threat Protection], [Netskope Remote Browser Isolation].
B, C
Explanation:
To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope’s threat protection features to block or isolate potentially harmful web traffic.
Two actions that would help you accomplish this task while allowing the user to work are:
block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user’s productivity or expose them to unknown risks.
Reference: [Netskope Threat Protection], [Netskope Remote Browser Isolation].
Question #14
A customer asks you to create several real-time policies. Policy A generates alerts when any user downloads, uploads, or shares files on a cloud storage application. Policy B blocks users from downloading files from any operating system (OS) other than Mac or Windows for cloud storage. In this case, policy A is least restrictive and policy B is more restrictive.
Which statement is correct in this scenario?
- A . Policy A is implemented before policy B.
- B . Policy B is implemented before policy A.
- C . The policy order is not important; policies are independent of each other.
- D . These two policies would actually not work together.
Correct Answer: B
B
Explanation:
In this scenario, policy B is more restrictive than policy A, as it blocks users from downloading files from any OS other than Mac or Windows for cloud storage, while policy A only generates alerts when any user downloads, uploads, or shares files on a cloud storage application. Therefore, policy B should be implemented before policy A, as the policy order determines the order of evaluation and enforcement of the policies. If policy A is implemented before policy B, then policy B will never be triggered, as policy A will match all the download activities for cloud storage and generate alerts. The policy order is important; policies are not independent of each other, as they may have overlapping or conflicting conditions and actions. These two policies would actually work together, as long as they are ordered correctly.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 3: Policy Order.
B
Explanation:
In this scenario, policy B is more restrictive than policy A, as it blocks users from downloading files from any OS other than Mac or Windows for cloud storage, while policy A only generates alerts when any user downloads, uploads, or shares files on a cloud storage application. Therefore, policy B should be implemented before policy A, as the policy order determines the order of evaluation and enforcement of the policies. If policy A is implemented before policy B, then policy B will never be triggered, as policy A will match all the download activities for cloud storage and generate alerts. The policy order is important; policies are not independent of each other, as they may have overlapping or conflicting conditions and actions. These two policies would actually work together, as long as they are ordered correctly.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 3: Policy Order.
Question #15
A company is attempting to steer traffic to Netskope using GRE tunnels. They notice that after the initial configuration, users cannot access external websites from their browsers.
What are three probable causes for this issue? (Choose three.)
- A . The pre-shared key for the GRE tunnel is incorrect.
- B . The configured GRE peer in the Netskope platform is incorrect.
- C . The corporate firewall might be blocking GRE traffic.
- D . The route map was applied to the wrong router interface.
- E . Netskope does not support GRE tunnels.
Correct Answer: BCD
BCD
Explanation:
In this scenario, there are three probable causes for the issue of users not being able to access external websites from their browsers after attempting to steer traffic to Netskope using GRE tunnels. One cause is that the configured GRE peer in the Netskope platform is incorrect, which means that the Netskope POP that is supposed to receive the GRE traffic from the customer’s network is not matching the IP address of the customer’s router that is sending the GRE traffic. This will result in a failure to establish a GRE tunnel between the customer and Netskope. Another cause is that the corporate firewall might be blocking GRE traffic, which means that the firewall rules are not allowing the GRE protocol (IP protocol number 47) or the UDP port 4789 (for VXLAN encapsulation) to pass through. This will result in a failure to send or receive GRE packets between the customer and Netskope. A third cause is that the route map was applied to the wrong router interface, which means that the configuration that specifies which traffic should be steered to Netskope using GRE tunnels was not applied to the correct interface on the customer’s router. This will result in a failure to steer the desired traffic to Netskope. The pre-shared key for the GRE tunnel is incorrect is not a probable cause for this issue, as GRE tunnels do not use pre-shared keys for authentication or encryption. Netskope does support GRE tunnels, so this is not a cause for this issue either.
Reference: [Netskope Secure Forwarder], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 3: Secure Forwarder.
BCD
Explanation:
In this scenario, there are three probable causes for the issue of users not being able to access external websites from their browsers after attempting to steer traffic to Netskope using GRE tunnels. One cause is that the configured GRE peer in the Netskope platform is incorrect, which means that the Netskope POP that is supposed to receive the GRE traffic from the customer’s network is not matching the IP address of the customer’s router that is sending the GRE traffic. This will result in a failure to establish a GRE tunnel between the customer and Netskope. Another cause is that the corporate firewall might be blocking GRE traffic, which means that the firewall rules are not allowing the GRE protocol (IP protocol number 47) or the UDP port 4789 (for VXLAN encapsulation) to pass through. This will result in a failure to send or receive GRE packets between the customer and Netskope. A third cause is that the route map was applied to the wrong router interface, which means that the configuration that specifies which traffic should be steered to Netskope using GRE tunnels was not applied to the correct interface on the customer’s router. This will result in a failure to steer the desired traffic to Netskope. The pre-shared key for the GRE tunnel is incorrect is not a probable cause for this issue, as GRE tunnels do not use pre-shared keys for authentication or encryption. Netskope does support GRE tunnels, so this is not a cause for this issue either.
Reference: [Netskope Secure Forwarder], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 3: Secure Forwarder.
Question #16
What are two fundamental differences between the inline and API implementation of the Netskope platform? (Choose two.)
- A . The API implementation can be used with both sanctioned and unsanctioned applications.
- B . The API implementation can only be used with sanctioned applications.
- C . The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications.
- D . The inline implementation can only effectively block a transaction in sanctioned applications.
Correct Answer: BC
BC
Explanation:
The inline and API implementation of the Netskope platform are two different ways of connecting cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences between them are: The API implementation can only be used with sanctioned applications, which are applications that are approved and authorized by the organization for business use. The API implementation relies on using out-of-band API connections to access data and events from these applications and apply near real-time policies. The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications, which are applications that are not approved or authorized by the organization for business use. The inline implementation relies on using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications and apply real-time policies. The API implementation can be used with both sanctioned and unsanctioned applications and the inline implementation can only effectively block a transaction in sanctioned applications are not true statements, as they contradict the actual capabilities and limitations of each implementation method.
Reference: [Netskope SaaS API-enabled Protection], [Netskope Inline CASB].
BC
Explanation:
The inline and API implementation of the Netskope platform are two different ways of connecting cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences between them are: The API implementation can only be used with sanctioned applications, which are applications that are approved and authorized by the organization for business use. The API implementation relies on using out-of-band API connections to access data and events from these applications and apply near real-time policies. The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications, which are applications that are not approved or authorized by the organization for business use. The inline implementation relies on using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications and apply real-time policies. The API implementation can be used with both sanctioned and unsanctioned applications and the inline implementation can only effectively block a transaction in sanctioned applications are not true statements, as they contradict the actual capabilities and limitations of each implementation method.
Reference: [Netskope SaaS API-enabled Protection], [Netskope Inline CASB].
Question #17
Your company asks you to obtain a detailed list of all events from the last 24 hours for a specific user.
In this scenario, what are two methods to accomplish this task? (Choose two.)
- A . Use the Netskope reporting engine.
- B . Export the data from Skope IT Application Events.
- C . Use the Netskope REST API.
- D . Export the data from Skope IT Alerts.
Correct Answer: BC
BC
Explanation:
In this scenario, there are two methods to obtain a detailed list of all events from the last 24 hours for a specific user. One method is to export the data from Skope IT Application Events, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. You can use filters to narrow down your search by user name, time range, application, activity, and other criteria. You can then export the data to a CSV or JSON file for further analysis or reporting. Another method is to use the Netskope REST API, which is a programmatic interface that allows you to access and manipulate data from the Netskope platform using HTTP requests. You can use the API to query for events by user name, time range, application, activity, and other parameters. You can then retrieve the data in JSON format for further analysis or integration with other tools. Using the Netskope reporting engine or exporting the data from Skope IT Alerts are not methods to obtain a detailed list of all events from the last 24 hours for a specific user, as they are more suited for generating summary reports or alerts based on predefined criteria or thresholds, rather than granular event data.
Reference: [Netskope Skope IT Application Events], [Netskope REST API].
BC
Explanation:
In this scenario, there are two methods to obtain a detailed list of all events from the last 24 hours for a specific user. One method is to export the data from Skope IT Application Events, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. You can use filters to narrow down your search by user name, time range, application, activity, and other criteria. You can then export the data to a CSV or JSON file for further analysis or reporting. Another method is to use the Netskope REST API, which is a programmatic interface that allows you to access and manipulate data from the Netskope platform using HTTP requests. You can use the API to query for events by user name, time range, application, activity, and other parameters. You can then retrieve the data in JSON format for further analysis or integration with other tools. Using the Netskope reporting engine or exporting the data from Skope IT Alerts are not methods to obtain a detailed list of all events from the last 24 hours for a specific user, as they are more suited for generating summary reports or alerts based on predefined criteria or thresholds, rather than granular event data.
Reference: [Netskope Skope IT Application Events], [Netskope REST API].
Question #18
Why would you want to define an App Instance?
- A . to create an API Data Protection Policy for a personal Box instance
- B . to differentiate between an enterprise Google Drive instance vs. a personal Google Drive instance
- C . to enable the instance_id attribute in the advanced search field when using query mode
- D . to differentiate between an enterprise Google Drive instance vs. an enterprise Box instance
Correct Answer: B
B
Explanation:
An App Instance is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an App Instance for your enterprise Google Drive instance (such as drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the App Instance. You would want to define an App Instance to achieve this level of granularity and control over your cloud application activities. Creating an API Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to the App Instance feature.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.
B
Explanation:
An App Instance is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an App Instance for your enterprise Google Drive instance (such as drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the App Instance. You would want to define an App Instance to achieve this level of granularity and control over your cloud application activities. Creating an API Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to the App Instance feature.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.
Question #19
You want to enable Netskope to gain visibility into your users’ cloud application activities in an inline mode.
In this scenario, which two deployment methods would match your inline use case? (Choose two.)
- A . Use a forward proxy.
- B . Use an API connector
- C . Use a log parser.
- D . Use a reverse proxy.
Correct Answer: A, D
A, D
Explanation:
To enable Netskope to gain visibility into your users’ cloud application activities in an inline mode, you need to use a deployment method that allows Netskope to intercept and inspect the traffic between your users and the cloud applications in real time. Two deployment methods that would match your inline use case are: use a forward proxy and use a reverse proxy. A forward proxy is a deployment method that allows Netskope to act as a proxy server for your users’ outbound traffic to the internet. You can configure your users’ devices or browsers to send their traffic to Netskope’s proxy server, either manually or using PAC files or VPN profiles. A reverse proxy is a deployment method that allows Netskope to act as a proxy server for your users’ inbound traffic from specific cloud applications. You can configure your cloud applications to redirect their traffic to Netskope’s proxy server, either using custom URLs or certificates. Using an API connector or a log parser are not deployment methods that would match your inline use case, as they are more suitable for out-of-band modes that rely on accessing data and events from the cloud applications using APIs or logs, rather than intercepting traffic in real time.
Reference: [Netskope Inline CASB], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 4: Forward Proxy and Lesson 5: Reverse Proxy.
A, D
Explanation:
To enable Netskope to gain visibility into your users’ cloud application activities in an inline mode, you need to use a deployment method that allows Netskope to intercept and inspect the traffic between your users and the cloud applications in real time. Two deployment methods that would match your inline use case are: use a forward proxy and use a reverse proxy. A forward proxy is a deployment method that allows Netskope to act as a proxy server for your users’ outbound traffic to the internet. You can configure your users’ devices or browsers to send their traffic to Netskope’s proxy server, either manually or using PAC files or VPN profiles. A reverse proxy is a deployment method that allows Netskope to act as a proxy server for your users’ inbound traffic from specific cloud applications. You can configure your cloud applications to redirect their traffic to Netskope’s proxy server, either using custom URLs or certificates. Using an API connector or a log parser are not deployment methods that would match your inline use case, as they are more suitable for out-of-band modes that rely on accessing data and events from the cloud applications using APIs or logs, rather than intercepting traffic in real time.
Reference: [Netskope Inline CASB], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 3: Steering Configuration, Lesson 4: Forward Proxy and Lesson 5: Reverse Proxy.
Question #20
Which two cloud security and infrastructure enablement technologies does Secure Access Service Edge (SASE) combine into its unified platform? (Choose two.)
- A . Distributed Denial of Service Protection (DDoS)
- B . Zero Trust Network Access (ZTNA)
- C . Cloud Access Security Broker (CASB)
- D . Unified Threat Management (UTM)
Correct Answer: BC
BC
Explanation:
Secure Access Service Edge (SASE) is a cloud-based architecture that combines various cloud security and infrastructure enablement technologies into a unified platform that delivers security and networking services from the edge of the network. Two of these technologies are Zero Trust Network Access (ZTNA) and Cloud Access Security Broker (CASB). ZTNA is a technology that provides secure access to private applications without exposing them to the internet or using VPNs. It uses identity-based policies and encryption to grant granular access to authorized users and devices, regardless of their location or network. CASB is a technology that provides visibility and control over cloud applications (SaaS) used by users and devices. It uses API connections or inline proxies to inspect and enforce policies on data and activities in cloud applications, such as data loss prevention, threat protection, or compliance. Distributed Denial of Service Protection (DDoS) and Unified Threat Management (UTM) are not technologies that SASE combines into its unified platform, although they may be related or integrated with some of its components.
Reference: [SASE], [ZTNA], [CASB].
BC
Explanation:
Secure Access Service Edge (SASE) is a cloud-based architecture that combines various cloud security and infrastructure enablement technologies into a unified platform that delivers security and networking services from the edge of the network. Two of these technologies are Zero Trust Network Access (ZTNA) and Cloud Access Security Broker (CASB). ZTNA is a technology that provides secure access to private applications without exposing them to the internet or using VPNs. It uses identity-based policies and encryption to grant granular access to authorized users and devices, regardless of their location or network. CASB is a technology that provides visibility and control over cloud applications (SaaS) used by users and devices. It uses API connections or inline proxies to inspect and enforce policies on data and activities in cloud applications, such as data loss prevention, threat protection, or compliance. Distributed Denial of Service Protection (DDoS) and Unified Threat Management (UTM) are not technologies that SASE combines into its unified platform, although they may be related or integrated with some of its components.
Reference: [SASE], [ZTNA], [CASB].
Question #21
In the Skope IT interface, which two event tables would be used to label a cloud application instance? (Choose two.)
- A . Network Events
- B . Page Events
- C . Application Events
- D . Alerts
Correct Answer: B, C
B, C
Explanation:
In the Skope IT interface, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications, there are two event tables that would be used to label a cloud application instance: Page Events and Application Events. Page Events are events that capture the URL and category of the web pages visited by users, as well as the time spent and the bytes transferred on each page. Application Events are events that capture the details of the actions performed by users on cloud applications, such as upload, download, share, edit, delete, etc. You can use these event tables to label a cloud application instance by applying filters based on the domain name or URL of the instance, such as drive.google.com/a/yourcompany.com or slack.com/yourteam. You can then assign a custom label to the filtered events and use it for reporting or policy enforcement. Network Events and Alerts are not event tables that would be used to label a cloud application instance, as they are more related to network traffic or policy violations, rather than cloud application activities.
Reference: [Netskope Skope IT], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT.
B, C
Explanation:
In the Skope IT interface, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications, there are two event tables that would be used to label a cloud application instance: Page Events and Application Events. Page Events are events that capture the URL and category of the web pages visited by users, as well as the time spent and the bytes transferred on each page. Application Events are events that capture the details of the actions performed by users on cloud applications, such as upload, download, share, edit, delete, etc. You can use these event tables to label a cloud application instance by applying filters based on the domain name or URL of the instance, such as drive.google.com/a/yourcompany.com or slack.com/yourteam. You can then assign a custom label to the filtered events and use it for reporting or policy enforcement. Network Events and Alerts are not event tables that would be used to label a cloud application instance, as they are more related to network traffic or policy violations, rather than cloud application activities.
Reference: [Netskope Skope IT], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT.
Question #22
Your department is asked to report on GDPR data publicly exposed in Microsoft 365, Salesforce. and Slack-sanctioned cloud applications.
Which deployment model would you use to discover this data?
- A . reverse proxy
- B . on-premises appliance
- C . API-enabled protection
- D . inline protection
Correct Answer: C
C
Explanation:
To discover GDPR data publicly exposed in Microsoft 365, Salesforce, and Slack-sanctioned cloud applications, you need to use a deployment model that allows Netskope to access and scan the data stored in these applications using out-of-band API connections. The deployment model that would match this requirement is API-enabled protection, which is a feature in the Netskope platform that allows you to connect your sanctioned cloud applications to Netskope using API connectors. This enables you to discover sensitive data, enforce near real-time policy controls, and quarantine malware in your cloud applications without affecting user experience or performance. You can use Netskope’s data loss prevention (DLP) engine to scan for GDPR data in your cloud applications and identify any public exposure or sharing settings that may violate the regulation. A reverse proxy, an on-premises appliance, or an inline protection are not deployment models that would help you discover GDPR data publicly exposed in your sanctioned cloud applications, as they are more suitable for inline modes that rely on intercepting traffic to and from these applications in real time, rather than accessing data stored in these applications using APIs.
Reference: [Netskope SaaS API-enabled Protection], [Netskope Data Loss Prevention].
C
Explanation:
To discover GDPR data publicly exposed in Microsoft 365, Salesforce, and Slack-sanctioned cloud applications, you need to use a deployment model that allows Netskope to access and scan the data stored in these applications using out-of-band API connections. The deployment model that would match this requirement is API-enabled protection, which is a feature in the Netskope platform that allows you to connect your sanctioned cloud applications to Netskope using API connectors. This enables you to discover sensitive data, enforce near real-time policy controls, and quarantine malware in your cloud applications without affecting user experience or performance. You can use Netskope’s data loss prevention (DLP) engine to scan for GDPR data in your cloud applications and identify any public exposure or sharing settings that may violate the regulation. A reverse proxy, an on-premises appliance, or an inline protection are not deployment models that would help you discover GDPR data publicly exposed in your sanctioned cloud applications, as they are more suitable for inline modes that rely on intercepting traffic to and from these applications in real time, rather than accessing data stored in these applications using APIs.
Reference: [Netskope SaaS API-enabled Protection], [Netskope Data Loss Prevention].
Question #23
Which two technologies form a part of Netskope’s Threat Protection module? (Choose two.)
- A . log parser
- B . DLP
- C . sandbox
- D . heuristics
Correct Answer: C, D
C, D
Explanation:
To protect your users from malicious scripts that may be downloaded from websites, you need to use technologies that can detect and prevent malware, ransomware, phishing, and other advanced threats in web traffic. Two technologies that form a part of Netskope’s Threat Protection module, which is a feature in the Netskope platform that provides these capabilities, are sandbox and heuristics. Sandbox is a technology that allows Netskope to analyze suspicious files or URLs in a virtual environment isolated from the rest of the network. It simulates the execution of the files or URLs and observes their behavior and impact on the system. It then generates a verdict based on the analysis and blocks any malicious files or URLs from reaching your users or devices. Heuristics is a technology that allows Netskope to identify unknown or emerging threats based on their characteristics or patterns, rather than relying on predefined signatures or rules. It uses machine learning and artificial intelligence to analyze various attributes of files or URLs, such as file type, size, entropy, metadata, code structure, etc., and assigns a risk score based on the analysis. It then blocks any files or URLs that exceed a certain risk threshold from reaching your users or devices. A log parser or DLP are not technologies that form a part of Netskope’s Threat Protection module, as they are more related to discovering cloud applications or protecting sensitive data.
Reference: [Netskope Threat Protection], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 9: Threat Protection.
C, D
Explanation:
To protect your users from malicious scripts that may be downloaded from websites, you need to use technologies that can detect and prevent malware, ransomware, phishing, and other advanced threats in web traffic. Two technologies that form a part of Netskope’s Threat Protection module, which is a feature in the Netskope platform that provides these capabilities, are sandbox and heuristics. Sandbox is a technology that allows Netskope to analyze suspicious files or URLs in a virtual environment isolated from the rest of the network. It simulates the execution of the files or URLs and observes their behavior and impact on the system. It then generates a verdict based on the analysis and blocks any malicious files or URLs from reaching your users or devices. Heuristics is a technology that allows Netskope to identify unknown or emerging threats based on their characteristics or patterns, rather than relying on predefined signatures or rules. It uses machine learning and artificial intelligence to analyze various attributes of files or URLs, such as file type, size, entropy, metadata, code structure, etc., and assigns a risk score based on the analysis. It then blocks any files or URLs that exceed a certain risk threshold from reaching your users or devices. A log parser or DLP are not technologies that form a part of Netskope’s Threat Protection module, as they are more related to discovering cloud applications or protecting sensitive data.
Reference: [Netskope Threat Protection], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 9: Threat Protection.
Question #24
You just deployed the Netskope client in Web mode and several users mention that their messenger application is no longer working. Although you have a specific real-time policy that allows this application, upon further investigation you discover that it is using proprietary encryption. You need to permit access to all the users and maintain some visibility.
In this scenario, which configuration change would accomplish this task?
- A . Change the real-time policy to block the messenger application.
- B . Create a new custom cloud application using the custom connector that can be used in the real-time policy.
- C . Add a policy in the SSL decryption section to bypass the messenger domain(s).
- D . Edit the steering configuration and add a steering exception for the messenger application.
Correct Answer: C
C
Explanation:
In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility.
Reference: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 4: Decryption Policy.
C
Explanation:
In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility.
Reference: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 4: Decryption Policy.
Question #25
You consume application infrastructure (middleware) capabilities by a third-party provider.
What is the cloud service model that you are using in this scenario?
- A . PaaS
- B . MaaS
- C . DaaS
- D . SaaS
Correct Answer: A
A
Explanation:
If you consume application infrastructure (middleware) capabilities by a third-party provider, then the cloud service model that you are using in this scenario is PaaS, which stands for Platform as a Service. PaaS is a cloud service model that provides customers with a platform to develop, run, and manage applications without having to deal with the underlying infrastructure or software. PaaS typically includes middleware capabilities such as databases, web servers, development tools, integration services, etc., that customers can use to build and deploy their applications faster and easier. MaaS, DaaS, and SaaS are not cloud service models that match this scenario, as they stand for different types of services. MaaS stands for Monitoring as a Service, which is a service that provides customers with tools to monitor and manage their cloud resources and performance. DaaS stands for Desktop as a Service, which is a service that provides customers with virtual desktops that they can access from any device or location. SaaS stands for Software as a Service, which is a service that provides customers with software applications that they can use over the internet without installing or maintaining them.
Reference: [PaaS], [MaaS], [DaaS], [SaaS].
A
Explanation:
If you consume application infrastructure (middleware) capabilities by a third-party provider, then the cloud service model that you are using in this scenario is PaaS, which stands for Platform as a Service. PaaS is a cloud service model that provides customers with a platform to develop, run, and manage applications without having to deal with the underlying infrastructure or software. PaaS typically includes middleware capabilities such as databases, web servers, development tools, integration services, etc., that customers can use to build and deploy their applications faster and easier. MaaS, DaaS, and SaaS are not cloud service models that match this scenario, as they stand for different types of services. MaaS stands for Monitoring as a Service, which is a service that provides customers with tools to monitor and manage their cloud resources and performance. DaaS stands for Desktop as a Service, which is a service that provides customers with virtual desktops that they can access from any device or location. SaaS stands for Software as a Service, which is a service that provides customers with software applications that they can use over the internet without installing or maintaining them.
Reference: [PaaS], [MaaS], [DaaS], [SaaS].
Question #26
You are deploying TLS support for real-time Web and SaaS transactions.
What are two secure implementation methods in this scenario? (Choose two.)
- A . Bypass TLS 1.3 because it is not widely adopted.
- B . Downgrade to TLS 1.2 whenever possible.
- C . Support TLS 1.2 only when 1.3 is not supported by the server.
- D . Require TLS 1.3 for every server that accepts it.
Correct Answer: C, D
C, D
Explanation:
If you are deploying TLS support for real-time Web and SaaS transactions, then you need to use secure implementation methods that ensure the highest level of encryption and security for your traffic. Two secure implementation methods in this scenario are: support TLS 1.2 only when 1.3 is not supported by the server and require TLS 1.3 for every server that accepts it. TLS stands for Transport Layer Security, which is a protocol that provides secure communication over the internet by encrypting and authenticating data exchanged between two parties. TLS 1.3 is the latest version of TLS, which offers several improvements over TLS 1.2, such as faster handshake, stronger encryption algorithms, better forward secrecy, and reduced attack surface. Therefore, it is recommended to use TLS 1.3 whenever possible for real-time Web and SaaS transactions, as it provides better security and performance than TLS 1.2. However, some servers may not support TLS 1.3 yet, so in those cases, it is acceptable to use TLS 1.2 as a fallback option, as it is still considered secure and widely adopted. Bypassing TLS 1.3 because it is not widely adopted or downgrading to TLS 1.2 whenever possible are not secure implementation methods in this scenario, as they would compromise the security and performance of your traffic by using an older or weaker version of TLS than necessary.
Reference: [TLS], [TLS 1.3].
C, D
Explanation:
If you are deploying TLS support for real-time Web and SaaS transactions, then you need to use secure implementation methods that ensure the highest level of encryption and security for your traffic. Two secure implementation methods in this scenario are: support TLS 1.2 only when 1.3 is not supported by the server and require TLS 1.3 for every server that accepts it. TLS stands for Transport Layer Security, which is a protocol that provides secure communication over the internet by encrypting and authenticating data exchanged between two parties. TLS 1.3 is the latest version of TLS, which offers several improvements over TLS 1.2, such as faster handshake, stronger encryption algorithms, better forward secrecy, and reduced attack surface. Therefore, it is recommended to use TLS 1.3 whenever possible for real-time Web and SaaS transactions, as it provides better security and performance than TLS 1.2. However, some servers may not support TLS 1.3 yet, so in those cases, it is acceptable to use TLS 1.2 as a fallback option, as it is still considered secure and widely adopted. Bypassing TLS 1.3 because it is not widely adopted or downgrading to TLS 1.2 whenever possible are not secure implementation methods in this scenario, as they would compromise the security and performance of your traffic by using an older or weaker version of TLS than necessary.
Reference: [TLS], [TLS 1.3].
Question #27
What correctly defines the Zero Trust security model?
- A . least privilege access
- B . multi-layered security
- C . strong authentication
- D . double encryption
Correct Answer: A
A
Explanation:
The term that correctly defines the Zero Trust security model is least privilege access. The Zero Trust security model is a modern security strategy based on the principle: never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. One of the core principles of the Zero Trust model is to use least privilege access, which means granting users or systems only the minimum level of access they need to perform their tasks, and only for a limited time. This helps reduce the attack surface and minimize the impact of a potential
breach.
Reference: Zero Trust Security – microsoft.comWhat is Zero Trust Security? Principles of the Zero Trust Model
A
Explanation:
The term that correctly defines the Zero Trust security model is least privilege access. The Zero Trust security model is a modern security strategy based on the principle: never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. One of the core principles of the Zero Trust model is to use least privilege access, which means granting users or systems only the minimum level of access they need to perform their tasks, and only for a limited time. This helps reduce the attack surface and minimize the impact of a potential
breach.
Reference: Zero Trust Security – microsoft.comWhat is Zero Trust Security? Principles of the Zero Trust Model
Question #28
Exhibit
A user is connected to a cloud application through Netskope’s proxy.
In this scenario, what information is available at Skope IT? (Choose three.)
- A . username. device location
- B . destination IP. OS patch version
- C . account instance, URL category
- D . user activity, cloud app risk rating
- E . file version, shared folder
Correct Answer: ACD
ACD
Explanation:
In this scenario, a user is connected to a cloud application through Netskope’s proxy, which is a deployment method that allows Netskope to intercept and inspect the traffic between the user and the cloud application in real time. In this case, Netskope can collect and display various information about the user and the cloud application at Skope IT, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. Some of the information that is available at Skope IT are: username, device location, account instance, URL category, user activity, and cloud app risk rating. Username is the name or identifier of the user who is accessing the cloud application. Device location is the geographical location of the device that the user is using to access the cloud application. Account instance is the specific instance of the cloud application that the user is accessing, such as a personal or enterprise instance. URL category is the classification of the web page that the user is visiting within the cloud application, such as Business or Social Media. User activity is the action that the user is performing on the cloud application, such as Upload or Share. Cloud app risk rating is the score that Netskope assigns to the cloud application based on its security posture and compliance with best practices. Destination IP, OS patch version, file version, and shared folder are not information that is available at Skope IT in this scenario, as they are either unrelated or irrelevant to the proxy connection or the Skope IT feature.
Reference: [Netskope Inline CASB], [Netskope Skope IT].
ACD
Explanation:
In this scenario, a user is connected to a cloud application through Netskope’s proxy, which is a deployment method that allows Netskope to intercept and inspect the traffic between the user and the cloud application in real time. In this case, Netskope can collect and display various information about the user and the cloud application at Skope IT, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. Some of the information that is available at Skope IT are: username, device location, account instance, URL category, user activity, and cloud app risk rating. Username is the name or identifier of the user who is accessing the cloud application. Device location is the geographical location of the device that the user is using to access the cloud application. Account instance is the specific instance of the cloud application that the user is accessing, such as a personal or enterprise instance. URL category is the classification of the web page that the user is visiting within the cloud application, such as Business or Social Media. User activity is the action that the user is performing on the cloud application, such as Upload or Share. Cloud app risk rating is the score that Netskope assigns to the cloud application based on its security posture and compliance with best practices. Destination IP, OS patch version, file version, and shared folder are not information that is available at Skope IT in this scenario, as they are either unrelated or irrelevant to the proxy connection or the Skope IT feature.
Reference: [Netskope Inline CASB], [Netskope Skope IT].
Question #29
What is a benefit that Netskope instance awareness provides?
- A . It prevents movement of corporate sensitive data to a personal Dropbox account.
- B . It prevents the user from copying information from a corporate email and pasting the information into a GitHub repository.
- C . It differentiates between an IT managed Google Drive instance versus a personal Dropbox account.
- D . It differentiates between an IT managed Google Drive instance versus a personal Google Drive instance.
Correct Answer: D
D
Explanation:
A benefit that Netskope instance awareness provides is that it differentiates between an IT managed Google Drive instance versus a personal Google Drive instance. Instance awareness is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an instance for your IT managed Google Drive instance (such as drive.google.com/a/yourcompany.com) and another instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the instance. This can help you prevent data leakage, enforce compliance, or improve visibility for your cloud application activities. Preventing movement of corporate sensitive data to a personal Dropbox account, preventing the user from copying information from a corporate email and pasting it into a GitHub repository, or differentiating between an IT managed Google Drive instance versus an IT managed Box instance are not benefits that Netskope instance awareness provides, as they are either unrelated or irrelevant to the instance awareness feature.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.
D
Explanation:
A benefit that Netskope instance awareness provides is that it differentiates between an IT managed Google Drive instance versus a personal Google Drive instance. Instance awareness is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an instance for your IT managed Google Drive instance (such as drive.google.com/a/yourcompany.com) and another instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the instance. This can help you prevent data leakage, enforce compliance, or improve visibility for your cloud application activities. Preventing movement of corporate sensitive data to a personal Dropbox account, preventing the user from copying information from a corporate email and pasting it into a GitHub repository, or differentiating between an IT managed Google Drive instance versus an IT managed Box instance are not benefits that Netskope instance awareness provides, as they are either unrelated or irrelevant to the instance awareness feature.
Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.
Question #30
According to Netskope. what are two preferred methods to report a URL miscategorization? (Choose two.)
- A . Use www.netskope.com/url-lookup.
- B . Use the URL Lookup page in the dashboard.
- C . Email support@netskope.com.
- D . Tag Netskope on Twitter.
Correct Answer: A, B
A, B
Explanation:
According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing support@netskope.com or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope.
Reference: [Netskope URL Lookup], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.
A, B
Explanation:
According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing support@netskope.com or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope.
Reference: [Netskope URL Lookup], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.
Question #30
According to Netskope. what are two preferred methods to report a URL miscategorization? (Choose two.)
- A . Use www.netskope.com/url-lookup.
- B . Use the URL Lookup page in the dashboard.
- C . Email support@netskope.com.
- D . Tag Netskope on Twitter.
Correct Answer: A, B
A, B
Explanation:
According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing support@netskope.com or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope.
Reference: [Netskope URL Lookup], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.
A, B
Explanation:
According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing support@netskope.com or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope.
Reference: [Netskope URL Lookup], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.
Question #32
What is the limitation of using a legacy proxy compared to Netskope’s solution?
- A . Netskope architecture requires on-premises components.
- B . Legacy solutions offer higher performance and scalability for corporate and remote users.
- C . Legacy on-premises solutions fail to provide protection for traffic from on-premises users.
- D . To enforce policies, traffic needs to traverse back through a customer’s on-premises security stack.
Correct Answer: D
D
Explanation:
A limitation of using a legacy proxy compared to Netskope’s solution is that to enforce policies, traffic needs to traverse back through a customer’s on-premises security stack. This creates latency, bandwidth, and scalability issues for remote users and cloud applications. Netskope’s solution, on the other hand, leverages a cloud-native architecture that provides high-performance and scalable inspection of traffic from any location and device.
Reference: [Netskope Architecture Overview]
D
Explanation:
A limitation of using a legacy proxy compared to Netskope’s solution is that to enforce policies, traffic needs to traverse back through a customer’s on-premises security stack. This creates latency, bandwidth, and scalability issues for remote users and cloud applications. Netskope’s solution, on the other hand, leverages a cloud-native architecture that provides high-performance and scalable inspection of traffic from any location and device.
Reference: [Netskope Architecture Overview]
Question #33
You are creating a real-time policy for cloud applications.
In addition to users, groups, and organizational units, which two source criteria would support this scenario? (Choose two.)
- A . protocol version
- B . access method
- C . browser version
- D . device classification
Correct Answer: BD
BD
Explanation:
When creating a real-time policy for cloud applications, you can use access method and device classification as source criteria, in addition to users, groups, and organizational units. Access method refers to how the user accesses the cloud application, such as browser, sync client, mobile app, etc. Device classification refers to the type of device used by the user, such as managed or unmanaged, Windows or Mac, etc. These criteria can help you define granular policies based on different scenarios and risks.
Reference: [Creating Real-Time Policies for Cloud Applications]
BD
Explanation:
When creating a real-time policy for cloud applications, you can use access method and device classification as source criteria, in addition to users, groups, and organizational units. Access method refers to how the user accesses the cloud application, such as browser, sync client, mobile app, etc. Device classification refers to the type of device used by the user, such as managed or unmanaged, Windows or Mac, etc. These criteria can help you define granular policies based on different scenarios and risks.
Reference: [Creating Real-Time Policies for Cloud Applications]
Question #34
What are two reasons why legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway? (Choose two.)
- A . Legacy solutions are unable to see the user who is trying to access the application.
- B . The applications where the data resides are no longer in one central location.
- C . Legacy solutions do not meet compliance standards.
- D . The users accessing this data are not in one central place.
Correct Answer: BD
BD
Explanation:
Legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway because they are designed for a perimeter-based security model, where the applications and the users are both within the corporate network. However, with the rise of cloud computing and remote work, this model is no longer valid. The applications where the data resides are no longer in one central location, but distributed across multiple cloud services and regions. The users accessing this data are not in one central place, but working from anywhere, on any device. Legacy solutions cannot provide adequate visibility and control over this dynamic and complex environment, resulting in security gaps and performance issues. Netskope Secure Web Gateway, on the other hand, leverages a cloud-native architecture that provides high-performance and scalable inspection of traffic from any location and device, as well as granular policies and advanced threat and data protection for web and cloud applications.
Reference: Netskope Architecture OverviewNetskope Next Gen SWG
BD
Explanation:
Legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway because they are designed for a perimeter-based security model, where the applications and the users are both within the corporate network. However, with the rise of cloud computing and remote work, this model is no longer valid. The applications where the data resides are no longer in one central location, but distributed across multiple cloud services and regions. The users accessing this data are not in one central place, but working from anywhere, on any device. Legacy solutions cannot provide adequate visibility and control over this dynamic and complex environment, resulting in security gaps and performance issues. Netskope Secure Web Gateway, on the other hand, leverages a cloud-native architecture that provides high-performance and scalable inspection of traffic from any location and device, as well as granular policies and advanced threat and data protection for web and cloud applications.
Reference: Netskope Architecture OverviewNetskope Next Gen SWG
Question #35
There is a DLP violation on a file in your sanctioned Google Drive instance. The file is in a deleted state. You need to locate information pertaining to this DLP violation using Netskope.
In this scenario, which statement is correct?
- A . You can find DLP violations under Forensic profiles.
- B . DLP incidents for a file are not visible when the file is deleted.
- C . You can find DLP violations under the Incidents dashboard.
- D . You must create a forensic profile so that an incident is created.
Correct Answer: C
C
Explanation:
To locate information pertaining to a DLP violation on a file in your sanctioned Google Drive instance, you can use the Incidents dashboard in Netskope. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such as DLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. The Incidents dashboard can show DLP violations for files that are in a deleted state, as long as they are still recoverable from the trash bin of the app. If the file is permanently deleted from the app, then the incident will not be visible in the dashboard.
Reference: Netskope Incidents Dashboard
C
Explanation:
To locate information pertaining to a DLP violation on a file in your sanctioned Google Drive instance, you can use the Incidents dashboard in Netskope. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such as DLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. The Incidents dashboard can show DLP violations for files that are in a deleted state, as long as they are still recoverable from the trash bin of the app. If the file is permanently deleted from the app, then the incident will not be visible in the dashboard.
Reference: Netskope Incidents Dashboard
Question #36
What are two CASB inline interception use cases? (Choose two.)
- A . blocking file uploads to a personal Box account
- B . running a retroactive scan for data at rest in Google Drive
- C . using the Netskope steering client to provide user alerts when sensitive information is posted in Slack
- D . scanning Dropbox for credit card information
Correct Answer: A, C
A, C
Explanation:
CASB inline interception use cases are scenarios where you need to apply real-time policies and actions on the traffic between users and cloud applications. For example, you may want to block file uploads to a personal Box account to prevent data leakage or exfiltration. You can use Netskope’s inline proxy mode to intercept and inspect the traffic between users and Box, and apply granular policies based on user identity, device type, app instance, file metadata, etc. You can also use Netskope’s inline proxy mode to provide user alerts when sensitive information is posted in Slack. For example, you may want to warn users when they share credit card numbers or social security numbers in Slack channels or messages. You can use Netskope’s steering client to redirect the traffic between users and Slack to Netskope’s inline proxy for inspection and enforcement. You can also use Netskope’s DLP engine to detect sensitive data patterns and apply actions such as alerting or blocking.
Reference: Netskope Inline Proxy ModeNetskope Steering Client [Netskope DLP Engine]
A, C
Explanation:
CASB inline interception use cases are scenarios where you need to apply real-time policies and actions on the traffic between users and cloud applications. For example, you may want to block file uploads to a personal Box account to prevent data leakage or exfiltration. You can use Netskope’s inline proxy mode to intercept and inspect the traffic between users and Box, and apply granular policies based on user identity, device type, app instance, file metadata, etc. You can also use Netskope’s inline proxy mode to provide user alerts when sensitive information is posted in Slack. For example, you may want to warn users when they share credit card numbers or social security numbers in Slack channels or messages. You can use Netskope’s steering client to redirect the traffic between users and Slack to Netskope’s inline proxy for inspection and enforcement. You can also use Netskope’s DLP engine to detect sensitive data patterns and apply actions such as alerting or blocking.
Reference: Netskope Inline Proxy ModeNetskope Steering Client [Netskope DLP Engine]
Question #37
You want to take into account some recent adjustments to CCI scoring that were made in your Netskope tenant.
In this scenario, which two CCI aspects in the Ul would be used in a real-time protection policy? (Choose two.)
- A . App Tag
- B . CCL
- C . App Score
- D . GDPR Readiness
Correct Answer: A, C
A, C
Explanation:
To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50.
Reference: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications
A, C
Explanation:
To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50.
Reference: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications
Question #38
You are working with traffic from applications with pinned certificates. In this scenario, which statement is correct?
- A . An exception should be added to the steering configuration.
- B . The domains used by certificate-pinned applications should be added to the authentication bypass list.
- C . Traffic with pinned certificates should be blocked.
- D . The domains used by applications with pinned certificates should be allowed in an inline policy.
Correct Answer: A
A
Explanation:
When working with traffic from applications with pinned certificates, you should add an exception to the steering configuration to bypass them. Pinned certificates are a security technique that prevents man-in-the-middle attacks by validating the server certificates against a hardcoded list of certificates in the application. If you try to intercept or inspect the traffic from such applications, they will reject the connection or display an error message. Therefore, you should add the domains used by certificate-pinned applications as exceptions in your steering configuration, so that they are not steered to Netskope for analysis and enforcement.
Reference: Certificate Pinned ApplicationsCreating a Steering Configuration
A
Explanation:
When working with traffic from applications with pinned certificates, you should add an exception to the steering configuration to bypass them. Pinned certificates are a security technique that prevents man-in-the-middle attacks by validating the server certificates against a hardcoded list of certificates in the application. If you try to intercept or inspect the traffic from such applications, they will reject the connection or display an error message. Therefore, you should add the domains used by certificate-pinned applications as exceptions in your steering configuration, so that they are not steered to Netskope for analysis and enforcement.
Reference: Certificate Pinned ApplicationsCreating a Steering Configuration
Question #39
Which two traffic steering configurations are supported by Netskope? (Choose two.)
- A . browser isolation traffic only
- B . cloud applications only
- C . all Web traffic including cloud applications
- D . Web traffic only
Correct Answer: B, C
B, C
Explanation:
The two traffic steering configurations that are supported by Netskope are cloud applications only and all Web traffic including cloud applications. These configurations allow you to control what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. You can choose one of these options for both on-premises and off-premises scenarios, depending on your network environment and security needs. You can also create exceptions for specific domains, IP addresses, or certificate-pinned applications that you want to bypass or steer regardless of the configuration option.
Reference: Steering ConfigurationCreating a Steering Configuration
B, C
Explanation:
The two traffic steering configurations that are supported by Netskope are cloud applications only and all Web traffic including cloud applications. These configurations allow you to control what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. You can choose one of these options for both on-premises and off-premises scenarios, depending on your network environment and security needs. You can also create exceptions for specific domains, IP addresses, or certificate-pinned applications that you want to bypass or steer regardless of the configuration option.
Reference: Steering ConfigurationCreating a Steering Configuration
Question #40
Which three technologies describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST)? (Choose three.)
- A . Cloud Service Provider (CSP)
- B . Identity as a Service (IDaaS)
- C . Platform as a Service (PaaS)
- D . Software as a Service (SaaS)
- E . Infrastructure as a Service (laaS)
Correct Answer: CDE
CDE
Explanation:
The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network.
According to NIST, these service models have the following definitions:
Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Reference: The NIST Definition of Cloud ComputingNIST Cloud Computing Program
CDE
Explanation:
The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network.
According to NIST, these service models have the following definitions:
Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Reference: The NIST Definition of Cloud ComputingNIST Cloud Computing Program