Netskope NSK200 NCCSI Exam Practice Test Instant Access

Question 1

You want the ability to perform automated remediation of misconfigurations on GitHub, Microsoft 365, Salesforce, ServiceNow, and Zoom.

ANetskope Infrastructure as a Service

BNetskope Remote Browser Isolation

CNetskope Cloud Firewall

DNetskope SaaS Security Posture Management

Answer : D

Netskope SaaS Security Posture Management (SSPM) is designed to automate the detection and remediation of security misconfigurations across SaaS applications, including GitHub, Microsoft 365, Salesforce, ServiceNow, and Zoom. SSPM provides visibility into and correction of misconfigurations to protect corporate data in cloud applications.

Question 2

Your company wants to know if there has been any unusual user activity. In the UI, you go to Skope IT -> Alerts.

Which two types of alerts would you filter to find this information? (Choose two.)

AAlert type = uba

BAlert type = anomaly

CAlert type = malware

DAlert type = policy

Answer : A, B

To identify unusual user activity, filter alerts by 'uba' (User Behavior Analytics) and 'anomaly.' UBA and anomaly alerts highlight deviations from typical user behavior, which are indicators of unusual or potentially risky activities.

Question 3

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.

Aexplicit proxy

BIPsec

Cproxy chaining

DGRE

Answer : D

GRE tunnels are the optimal choice in this scenario. GRE is a commonly used, non-encrypted tunneling protocol that supports a variety of device operating systems, and it offers efficient bandwidth usage without encryption overhead, which aligns with the company's requirements.

Question 4

You discover the ongoing use of the native Dropbox client in your organization. Although Dropbox is not a corporate-approved application, you do not want to prevent the use of Dropbox. You do, however, want to ensure visibility into its usage.

AChange Windows and Mac steering exception actions to use Tunnel mode and set Netskope as the source IP address for SSO services.

BModify the existing tenant steering exception configuration to block the Dropbox native application to force users to use the Dropbox website.

CRemove all Dropbox entries from the tenant steering SSL configuration entirely.

DCreate a new tenant steering exception type of Destination Locations that contains the Dropbox application.

Answer : D

To allow the usage of Dropbox while maintaining visibility, create a new tenant steering exception of type 'Destination Locations' for Dropbox. This will enable traffic visibility for Dropbox while avoiding a block, as requested.

Question 5

You are troubleshooting private application access from a user's computer. The user is complaining that they cannot access the corporate file share; however, the private tunnel seems to be established. You open the npadebuglog.log file in a text editor and cannot find any reference to the private application.

AThe absence of npadebuglog.log entries is not significant.

BFile shares cannot be published using private access.

CThe user is not added to the required real-time policy.

DThe user needs to re-authenticate for private applications.

Answer : C

If there are no references to the private application in the npadebuglog.log, it is likely that the user is not added to the required real-time policy. Without proper policy assignment, the user's traffic will not be routed correctly through the private access setup, causing access issues.

Question 6

You are using Skope IT to analyze and correlate a security incident. You are seeing too many events generated by API policies. You want to filter for logs generated by the Netskope client only.

AUse the access_method filter and select Client from the dropdown menu.

BUse the access_method filter and select Tunnel from the dropdown menu.

CUse the access_method filter and select Logs from the dropdown menu.

DUse query mode and use access_method neq Client.

Answer : A

To filter for logs specifically generated by the Netskope client, select 'Client' from the access_method filter dropdown menu in Skope IT. This filter allows administrators to narrow down logs by access method, making it easier to troubleshoot issues related only to the Netskope client.

Question 7

Your customer has deployed the Netskope client to secure their Web traffic. Recently, they have enabled Cloud Firewall (CFW) to secure all outbound traffic for their endpoints. Through a recent acquisition, they must secure all outbound traffic at several remote offices where they have access to the local security stack (routers and firewalls). They cannot install the Netskope client.

AThey can configure Reverse Proxy integrated with their IdP.

BThey can deploy Netskope's DPOP to steer the targeted traffic to the Netskope Security Cloud.

CThey can use IPsec and GRE tunnels with Cloud Firewall.

DThey can secure the targeted outbound traffic using Netskope's Cloud Threat Exchange (CTE).

Answer : C

The correct solution is to use IPsec and GRE tunnels with Cloud Firewall. Netskope Cloud Firewall supports secure tunneling methods such as IPsec and GRE, enabling companies to steer traffic to the Netskope Security Cloud without requiring the Netskope client. This is particularly useful when endpoint installation of the client is not feasible, such as in remote offices where network infrastructure like routers and firewalls are available.

Netskope NSK200 Netskope Certified Cloud Security Integrator NCCSI Exam Practice Test