Netskope NSK200 Netskope Certified Cloud Security Integrator NCCSI Exam Practice Test

Page: 1 / 14
Total 93 questions
Question 1

Review the exhibit.

Given the information shown below:

- for PCI data uploads, you want to provide no notification,

- for PHI data uploads, you want to allow users to proceed by clicking OK,

- for GDPR data uploads, you want to provide block notification,

- if none of the above matches, you want to provide no notification.

You want to reduce the number of policies by combining multiple DLP profiles Into one policy.

Referring to the exhibit, which two statements are true? (Choose two.)



Answer : B, D


Question 2

You created the Netskope application in your IdP for user provisioning and validated that the API Integration settings are correct and functional. However, you are not able to push the user groups from the IdP into your Netskope tenant.



Answer : A

If user groups cannot be pushed from the IdP into Netskope, one possible cause is that the group contains both active and deactivated users. Deactivated users in a group can create conflicts during provisioning, as Netskope expects all users in the group to be active.


Question 3

While most Web and SaaS traffic is decrypted for inspection, you are asked to prevent a certain host on the network from SSL decryption for privacy purposes.



Answer : A

Creating a steering exception for the host is the appropriate action to prevent SSL decryption on specific network traffic. Steering exceptions allow you to bypass decryption for designated hosts, which is useful for privacy-sensitive scenarios.


Question 4

Your small company of 10 people wants to deploy the Netskope client to all company users without requiring users to be imported using Active Directory, LDAP, or an IdP.



Answer : D

Deploying the Netskope client using an email invitation allows smaller companies to onboard users easily without relying on integration with AD, LDAP, or an IdP. This method is efficient for smaller teams that need a quick deployment without complex setup.


Question 5

Review the exhibit.

add log-upload syslogng parserconfig set log-upload syslogng parserconfig 0

logsource

You are asked to deploy a virtual appliance OPLP to accept syslog messages directly from the enterprise Palo Alto Networks firewall. You believe that you have configured the OPLP to accept the firewall logs, yet they are not appearing in Risk Insights. Referring to the exhibit, which parser name would be required to complete the new configuration?



Answer : A

The correct parser name to process syslog messages from Palo Alto Networks firewalls is 'panw-syslog.' Using the appropriate parser ensures that the logs are correctly interpreted and ingested by Netskope, making them available in Risk Insights.


Question 6

Your organization has three main locations with 30.000 hosts in each location. You are planning to deploy Netskope using iPsec tunnels for security.

What are two considerations to make a successful connection in this scenario? (Choose two.)



Answer : C, D

To deploy Netskope using IPSec tunnels for security in this scenario, two considerations to make a successful connection are C. redundant POPs and D. number of hosts. Redundant POPs are Points of Presence that are geographically distributed data centers that host the Netskope cloud platform. You need to consider redundant POPs to ensure high availability and resiliency of your IPSec tunnels in case of a failure or outage in one of the POPs.You can configure multiple IPSec tunnels from your network to different POPs and use dynamic routing protocols such as BGP to load balance and failover the traffic1. Number of hosts is the number of devices or endpoints that will use the IPSec tunnels to access the cloud services. You need to consider the number of hosts to estimate the bandwidth and throughput requirements of your IPSec tunnels and choose the appropriate POPs that can handle the traffic volume.You can use the Netskope Bandwidth Calculator tool to estimate the bandwidth and throughput based on the number of hosts, locations, and cloud services2. Therefore, options C and D are correct and the other options are incorrect.Reference:IPSec - Netskope Knowledge Portal,Netskope Bandwidth Calculator


Question 7

You are creating an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2. In this scenario, which privilege(s) do you need to create in the API token?



Answer : B

To create an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2, you need to provide read and write access for the ''/urllist'' endpoint. The ''/urllist'' endpoint is the API endpoint that allows you to manage URL lists in your Netskope tenant.You can use this endpoint to perform operations such as create, update, delete, or list URL lists3.To create an API token with this privilege, you need to go to Settings > Tools > REST API v2 > New Token, enter a token name and expiration time, add the ''/urllist'' endpoint, and select Read+Write as the privilege4. This will allow the DevSecOps engineer to use the API token in their requests to create and update URL lists. Therefore, option B is correct and the other options are incorrect.Reference:REST API v2 Overview - Netskope Knowledge Portal,Manage URL Lists - Netskope Knowledge Portal


Page:    1 / 14   
Total 93 questions