Netskope Certified Cloud Security Integrator NSK200 NCCSI Exam Practice Test

Page: 1 / 14
Total 93 questions
Question 1

Review the exhibit.

Given the information shown below:

- for PCI data uploads, you want to provide no notification,

- for PHI data uploads, you want to allow users to proceed by clicking OK,

- for GDPR data uploads, you want to provide block notification,

- if none of the above matches, you want to provide no notification.

You want to reduce the number of policies by combining multiple DLP profiles Into one policy.

Referring to the exhibit, which two statements are true? (Choose two.)



Answer : B, D


Question 2

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.



Answer : D

GRE tunnels are the optimal choice in this scenario. GRE is a commonly used, non-encrypted tunneling protocol that supports a variety of device operating systems, and it offers efficient bandwidth usage without encryption overhead, which aligns with the company's requirements.


Question 3

Review the exhibit.

You are troubleshooting a Netskope client for user Clarke which remains in a disabled state after being installed. After looking at various logs, you notice something which might explain the problem. The exhibit is an excerpt from the nsADImporterLog.log.

Referring to the exhibit, what is the problem?



Answer : B

The problem is B. The Active Directory user is not synchronized to the Netskope tenant. This is evident from the log message ''WARNING No mail ID for the user: Clarke, Daxmeifield, DC=local, skipping use''. This means that the user Clarke does not have a valid email address in the Active Directory, which is required for the Netskope client to work. The Netskope client uses the email address of the user to authenticate and enable the client. Therefore, option B is correct and the other options are incorrect.


Question 4

You are creating an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2. In this scenario, which privilege(s) do you need to create in the API token?



Answer : B

To create an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2, you need to provide read and write access for the ''/urllist'' endpoint. The ''/urllist'' endpoint is the API endpoint that allows you to manage URL lists in your Netskope tenant.You can use this endpoint to perform operations such as create, update, delete, or list URL lists3.To create an API token with this privilege, you need to go to Settings > Tools > REST API v2 > New Token, enter a token name and expiration time, add the ''/urllist'' endpoint, and select Read+Write as the privilege4. This will allow the DevSecOps engineer to use the API token in their requests to create and update URL lists. Therefore, option B is correct and the other options are incorrect.Reference:REST API v2 Overview - Netskope Knowledge Portal,Manage URL Lists - Netskope Knowledge Portal


Question 5

Review the exhibit.

You are asked to restrict users from accessing YouTube content tagged as Sport. You created the required real-time policy; however, users can still access the content

Referring to the exhibit, what is the problem?



Answer : D

The problem in this scenario is that the traffic matched a Do Not Decrypt policy.A Do Not Decrypt policy is a rule that specifies the traffic that you want to leave encrypted and not further analyzed by Netskope via the Real-time Protection policies1. In the exhibit, we can see that the traffic from the user to YouTube has a ''Bypass Traffic'' value of ''yes'' and a ''Netskope'' value of ''yes''.This means that the traffic was steered to Netskope but not decrypted or inspected2. Therefore, the real-time policy that was created to restrict users from accessing YouTube content tagged as Sport did not apply, and users could still access the content.To solve this problem, you need to either remove or modify the Do Not Decrypt policy that matches the traffic to YouTube, or create an exception for the Sport category in the policy3. Therefore, option D is correct and the other options are incorrect.Reference:Page Events - Netskope Knowledge Portal,Add a Policy for SSL Decryption - Netskope Knowledge Portal,YouTube Content Control - Netskope Knowledge Portal


Question 6

Your small company of 10 people wants to deploy the Netskope client to all company users without requiring users to be imported using Active Directory, LDAP, or an IdP.



Answer : D

Deploying the Netskope client using an email invitation allows smaller companies to onboard users easily without relying on integration with AD, LDAP, or an IdP. This method is efficient for smaller teams that need a quick deployment without complex setup.


Question 7

The risk team at your company has determined that traffic from the sales team to a custom Web application should not be inspected by Netskope. All other traffic to the Web application should continue to be inspected. In this scenario, how would you accomplish this task?



Answer : A

To prevent traffic from the sales team to a custom Web application from being inspected by Netskope, you need to create a Do Not Decrypt Policy using User Group and Domain in the policy page.A Do Not Decrypt Policy allows you to specify the traffic you want to leave encrypted and not further analyzed by Netskope via the Real-time Protection policies3. You can use the User Group criteria to match the sales team members and the Domain criteria to match the custom Web application. This way, only the traffic from the sales team to the custom Web application will be exempted from decryption, while all other traffic to the Web application will continue to be inspected.


Page:    1 / 14   
Total 93 questions