NSK200

Exam Name: Netskope Certified Cloud Security

Full version: 93 Q&As

Full version of NSK200 Dumps

Share some NSK200 exam dumps below.

1. Your company needs to keep quarantined files that have been triggered by a DLP policy.
In this scenario, which statement Is true?
A. The files are stofed remotely In your data center assigned In the Quarantine profile.
B. The files are stored In the Netskope data center assigned in the Quarantine profile.
C. The files are stored In the Cloud provider assigned In the Quarantine profile.
D. The files are stored on the administrator console PC assigned In the Quarantine profile.
Answer: B
Explanation:
When a policy flags a file to be quarantined, that file is placed in a quarantine folder and a
tombstone file is put in the original location in its place. The quarantine folder is located in the
Netskope data center assigned in the Quarantine profile. The Quarantine profile is configured in
Settings > Threat Protection > API-enabled Protection. The quarantined file is zipped and
protected with a password to prevent users from inadvertently downloading the file. Netskope
then notifies the admin specified in the profile1. Therefore, option B is correct and the other
options are incorrect.
Reference: Quarantine - Netskope Knowledge Portal, Threat Protection - Netskope Knowledge
Portal

2. Review the exhibit.

A security analyst needs to create a report to view the top five categories of unsanctioned
applications accessed in the last 90 days.
Referring to the exhibit, what are two data collections in Advanced Analytics that would be used
to create this report? (Choose two.)
A. Alerts
B. Application Events
C. Page Events
D. Network Events
Answer: BD
Explanation:
To create a report to view the top five categories of unsanctioned applications accessed in the
last 90 days, the security analyst would need to use two data collections in Advanced Analytics:
Application Events and Network Events. Application Events provide information about the cloud
applications and websites accessed by users, such as app name, app category, app risk score,
app instance, app version, and more. Network Events provide information about the network
traffic generated by users, such as source IP, destination IP, protocol, port, bytes sent, bytes
received, and more. By combining these two data collections, the security analyst can filter the
events by app category, app risk score, and time range to create a report that shows the top five
categories of unsanctioned applications accessed in the last 90 days. Alerts and Page Events
are not relevant for this report. Alerts provide information about the alerts triggered by Real-time
Protection or API Data Protection policies, such as alert type, alert severity, alert status, alert
description, and more. Page Events provide information about the web pages visited by users,
such as page title, page URL, page category, page risk score, page content type, and more.
Reference: Advanced Analytics

3. You are integrating Netskope tenant administration with an external identity provider. You
need to implement role-based access control.
Which two statements are true about this scenario? (Choose two.)
A. The roles you want to assign must be present in the Netskope tenant.
B. You do not need to define the administrators locally in the Netskope tenant after It Is
integrated with IdP.
C. You need to define the administrators locally in the Netskope tenant.
D. Once integrated with IdP. you must append the "locallogin" URL to log in using IdP
Answer: AC
Explanation:
To implement role-based access control when integrating Netskope tenant administration with
an external identity provider (IdP), two statements that are true about this scenario are A. The
roles you want to assign must be present in the Netskope tenant and C. You need to define the
administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature
that allows you to assign different levels of permissions and access to the Netskope tenant
based on the user’s role. You can use RBAC to integrate Netskope tenant administration with
an external IdP such as Azure AD or Okta and delegate administrative tasks to different users
or groups1. To do this, you need to ensure that the roles you want to assign are present in the
Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or
OPERATOR, or create custom roles with specific privileges2. You also need to define the
administrators locally in the Netskope tenant by creating local user accounts and assigning
them roles. You can use the same email address as the IdP user account for the local user
account3. Therefore, options A and C are correct and the other options are incorrect.
Reference: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope
Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal

4. Review the exhibit.

You are asked to create a new Real-time Protection policy to scan SMTP emails using data loss
prevention (DLP) for personal health information (PHI). The scope is limited to only emails being
sent from Microsoft Exchange Online to outside recipients.
A. Web Access policy
B. Email Outbound policy
C. CTEP policy
D. DLP policy
Answer: B
Explanation:
An "Email Outbound" policy is specifically designed to apply data loss prevention controls on
outbound emails, such as SMTP traffic from Exchange Online. This policy type enables granular
control over outbound email content, ensuring compliance with DLP policies for PHI data.

5. Review the exhibit.

You are asked to create a DLP profile that will ensure that the data shown in the exhibit cannot
be uploaded to a user's personal Google Drive.
What must be used to accomplish this task?
A. document fingerprinting
B. ML image classifier
C. optical character recognition
D. INTL-PAN-Name rule
Answer: C
Explanation:
To create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to
a user’s personal Google Drive, you need to use optical character recognition (OCR). OCR is a
feature that allows you to detect and extract text from images and scanned documents. You can
use OCR in your DLP profiles to identify sensitive data that is embedded or hidden in images1.
In the exhibit, we can see that the data is a credit card number, which is a type of sensitive data
that can be easily identified by OCR. You can create a DLP profile that uses OCR and matches
the credit card number data identifier or a custom regex expression. You can then apply an
action such as block, alert, or quarantine to prevent the data from being uploaded to Google
Drive2. Therefore, option C is correct and the other options are incorrect.
Reference: Optical Character Recognition (OCR) - Netskope Knowledge Portal, Add a Policy for
Data Protection - Netskope Knowledge Portal

6. You are provisioning Netskope users from Okta with SCIM Provisioning, and users are not
showing up in the tenant.
In this scenario, which two Netskope components should you verify first In Okta for accuracy?
(Choose two.)
A. IdP Entity ID
B. OAuth token
C. Netskope SAML certificate
D. SCIM server URL
Answer: BD
Explanation:
To provision Netskope users from Okta with SCIM Provisioning, and users are not showing up
in the tenant, the two Netskope components that you should verify first in Okta for accuracy are
B. OAuth token and D. SCIM server URL. The OAuth token is a credential that allows Okta to
authenticate with the Netskope SCIM server and perform user provisioning operations4. The
SCIM server URL is the endpoint that Okta uses to communicate with the Netskope SCIM
server and send user data5. Both of these components must be configured correctly in Okta for
the SCIM Provisioning to work. You can find them in the Netskope UI under Settings > Tools >
Directory Tools > SCIM Integration6. Therefore, options B and D are correct and the other
options are incorrect.
Reference: SCIM-Based User Provisioning - Netskope Knowledge Portal, Netskope + Okta Use
Case: Provisioning Users and Managing Groups Using SCIM - Netskope, Netskope Partner
Okta - Netskope
7. Which statement describes a requirement for deploying a Netskope Private Application (NPA)
Publisher?
A. The publisher must be deployed in a public cloud environment, such as AWS.
B. The publisher must be deployed in a private data center.
C. The publisher must be deployed on the network where the private application will be
accessed.
D. The publisher's name must match the name of the application process that it will access.
Answer: C
Explanation:
The statement that describes a requirement for deploying a Netskope Private Application (NPA)
Publisher is C. The publisher must be deployed on the network where the private application will
be accessed. A NPA Publisher is a software component that enables Netskope to discover
resources that users will connect to via NPA. A NPA Publisher must be deployed on the same
network as the private application that it will publish, such as a public cloud environment (AWS,
Azure, GCP) or a private data center3. This ensures that the NPA Publisher can communicate
with the private application and relay its traffic to the NPA service in the Netskope cloud.
Therefore, option C is correct and the other options are incorrect.
Reference: Deploy a Publisher - Netskope Knowledge Portal

8. Your company has many users that are remote and travel often. You want to provide the
greatest visibility into their activities, even while traveling.
Using Netskope, which deployment method would be used in this scenario?
A. Use a Netskope client.
B. Use an IPsec tunnel.
C. Use a GRE tunnel.
D. Use proxy chaining.
Answer: A
Explanation:
Deploying the Netskope client on remote and traveling users' devices provides the highest level
of visibility into their activities regardless of their location. The Netskope client can steer traffic
securely to the Netskope Security Cloud, offering consistent monitoring and protection.

9. Your customer is using a virtual desktop infrastructure (VDI) for their support engineers.
Multiple users will be logging into the same device, and they want to detect activities for each
user.
A. Install Netskope client in default mode and enable DTLS.
B. Install Netskope client and create a separate steering configuration for each user.
C. Install Netskope client in peruserconfig mode.
D. Install Netskope client and create a separate device configuration for each user.
Answer: C
Explanation:
Installing the Netskope client in "peruserconfig" mode allows for user-specific configurations on
shared devices like those in a VDI environment. This mode enables Netskope to detect and
report activities separately for each user, even if multiple users are logged into the same device.

10. You are troubleshooting private application access from a user's computer. The user is
complaining that they cannot access the corporate file share; however, the private tunnel seems
to be established. You open the npadebuglog.log file in a text editor and cannot find any
reference to the private application.
A. The absence of npadebuglog.log entries is not significant.
B. File shares cannot be published using private access.
C. The user is not added to the required real-time policy.
D. The user needs to re-authenticate for private applications.
Answer: C
Explanation:
If there are no references to the private application in the npadebuglog.log, it is likely that the
user is not added to the required real-time policy. Without proper policy assignment, the user’s
traffic will not be routed correctly through the private access setup, causing access issues.

11. A company allows their users to access OneDrive on their managed laptops. It is against
corporate policy to upload any documents to their personal OneDrive. The company needs to
enforce this policy to protect their customer’s sensitive data.
What are two ways to enforce this policy? (Choose two.)
A. Create DLP policies to block the upload of all the identified documents.
B. Create DLP policies to allow document uploading only to the corporate OneDrive instance.
C. Create a new application instance for the corporate OneDrive.
D. Fingerprint all the documents to have a catalog of all the documents that the company needs
to protect.
Answer: AB
Explanation:
By setting DLP policies that either block uploads of sensitive documents or restrict them to only
the corporate OneDrive, the company can enforce its policy. These policies ensure that
sensitive data remains within approved environments and does not get uploaded to personal
instances.

12. You are configuring GRE tunnels from a Palo Alto Networks firewall to a Netskope tenant
with the Netskope for Web license enabled. Your tunnel is up as seen from the Netskope
dashboard. You are unable to ping hosts behind the Netskope gateway.
Which two statements are true about this scenario? (Choose two.)
A. You need to call support to enable the GRE POP selection feature.
B. Netskope only supports Web traffic through the tunnel.
C. You can only ping the probe IP provided by Netskope.
D. There is no client installed on the source hosts in your network.
Answer: BC
Explanation:
Netskope’s GRE tunneling supports only web traffic, which means ICMP traffic (ping) is not
supported for hosts behind the Netskope gateway. You may, however, ping the probe IP
provided by Netskope to test connectivity, as this IP is designated for diagnostics.

13. You want to prevent a document stored in Google Drive from being shared externally with a
public link.
What would you configure in Netskope to satisfy this requirement?
A. Threat Protection policy
B. API Data Protection policy
C. Real-time Protection policy
D. Quarantine
Answer: B
Explanation:
To prevent a document stored in Google Drive from being shared externally with a public link,
you need to configure an API Data Protection policy in Netskope. An API Data Protection policy
allows you to discover, classify, and protect data that is already resident in your cloud services,
such as Google Drive1. You can create a policy that matches the documents you want to
protect based on criteria such as users, content, activity, or DLP profiles. Then, you can choose
an action to prevent the documents from being shared externally, such as remove external
collaborators, remove public links, or quarantine2. Therefore, option B is correct and the other
options are incorrect.
Reference: API Data Protection - Netskope Knowledge Portal, Add a Policy for API Data
Protection - Netskope Knowledge Portal

14. You are an administrator writing Netskope Real-time Protection policies and must determine
proper policy ordering.
Which two statements are true in this scenario? (Choose two.)
A. You must place Netskope private access malware policies in the middle.
B. You do not need to create an "allow all" Web Access policy at the bottom.
C. You must place DLP policies at the bottom.
D. You must place high-risk block policies at the top.
Answer: BD
Explanation:
To determine proper policy ordering for Netskope Real-time Protection policies, you need to
follow these two statements:
B. You do not need to create an “allow all” Web Access policy at the bottom.
D. You must place high-risk block policies at the top. These statements are based on the best
practices for policy ordering recommended by Netskope3. An “allow all” Web Access policy at
the bottom is not necessary because any traffic that does not match any policy will be allowed
by default. However, you can create a “monitor all” Web Access policy at the bottom if you
want to log all the traffic that is not matched by any other policy4. High-risk block policies at the
top are important because they prevent any traffic that poses a serious threat or violates a
critical compliance standard from reaching its destination. These policies should have higher
priority than other policies that may allow or modify the traffic5. Therefore, options B and D are
correct and the other options are incorrect.
Reference: Real-time Protection Policies - Netskope Knowledge Portal, Create a Real-time
Protection Policy for Web Categories - Netskope Knowledge Portal, Best Practices: Real-time
Protection Policies (1 of 2) - Netskope
 More Hot Exams are available.

350-401 ENCOR Exam Dumps

350-801 CLCOR Exam Dumps

200-301 CCNA Exam Dumps

Powered by TCPDF (www.tcpdf.org)