Netskope NSK200 NCCSI Exam Practice Test Instant Access

Question 1

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.

Aexplicit proxy

BIPsec

Cproxy chaining

DGRE

Answer : D

GRE tunnels are the optimal choice in this scenario. GRE is a commonly used, non-encrypted tunneling protocol that supports a variety of device operating systems, and it offers efficient bandwidth usage without encryption overhead, which aligns with the company's requirements.

Question 2

You discover the ongoing use of the native Dropbox client in your organization. Although Dropbox is not a corporate-approved application, you do not want to prevent the use of Dropbox. You do, however, want to ensure visibility into its usage.

AChange Windows and Mac steering exception actions to use Tunnel mode and set Netskope as the source IP address for SSO services.

BModify the existing tenant steering exception configuration to block the Dropbox native application to force users to use the Dropbox website.

CRemove all Dropbox entries from the tenant steering SSL configuration entirely.

DCreate a new tenant steering exception type of Destination Locations that contains the Dropbox application.

Answer : D

To allow the usage of Dropbox while maintaining visibility, create a new tenant steering exception of type 'Destination Locations' for Dropbox. This will enable traffic visibility for Dropbox while avoiding a block, as requested.

Question 3

You are troubleshooting private application access from a user's computer. The user is complaining that they cannot access the corporate file share; however, the private tunnel seems to be established. You open the npadebuglog.log file in a text editor and cannot find any reference to the private application.

AThe absence of npadebuglog.log entries is not significant.

BFile shares cannot be published using private access.

CThe user is not added to the required real-time policy.

DThe user needs to re-authenticate for private applications.

Answer : C

If there are no references to the private application in the npadebuglog.log, it is likely that the user is not added to the required real-time policy. Without proper policy assignment, the user's traffic will not be routed correctly through the private access setup, causing access issues.

Question 4

You are using Skope IT to analyze and correlate a security incident. You are seeing too many events generated by API policies. You want to filter for logs generated by the Netskope client only.

AUse the access_method filter and select Client from the dropdown menu.

BUse the access_method filter and select Tunnel from the dropdown menu.

CUse the access_method filter and select Logs from the dropdown menu.

DUse query mode and use access_method neq Client.

Answer : A

To filter for logs specifically generated by the Netskope client, select 'Client' from the access_method filter dropdown menu in Skope IT. This filter allows administrators to narrow down logs by access method, making it easier to troubleshoot issues related only to the Netskope client.

Question 5

Your customer has deployed the Netskope client to secure their Web traffic. Recently, they have enabled Cloud Firewall (CFW) to secure all outbound traffic for their endpoints. Through a recent acquisition, they must secure all outbound traffic at several remote offices where they have access to the local security stack (routers and firewalls). They cannot install the Netskope client.

AThey can configure Reverse Proxy integrated with their IdP.

BThey can deploy Netskope's DPOP to steer the targeted traffic to the Netskope Security Cloud.

CThey can use IPsec and GRE tunnels with Cloud Firewall.

DThey can secure the targeted outbound traffic using Netskope's Cloud Threat Exchange (CTE).

Answer : C

The correct solution is to use IPsec and GRE tunnels with Cloud Firewall. Netskope Cloud Firewall supports secure tunneling methods such as IPsec and GRE, enabling companies to steer traffic to the Netskope Security Cloud without requiring the Netskope client. This is particularly useful when endpoint installation of the client is not feasible, such as in remote offices where network infrastructure like routers and firewalls are available.

Question 6

You are using the Netskope DLP solution. You notice flies containing test data for credit cards are not triggering DLP events when uploaded to Dropbox. There are corresponding page events. Which two scenarios would cause this behavior? (Choose two.)

AThe Netskope client Is not steering Dropbox traffic.

BThe DLP rule has the severity threshold set to a value higher than the number of occurrences.

CThe credit card numbers in your test data are Invalid 16-dlglt numbers.

DThere is no API protection configured for Dropbox.

Answer : B, C

There are two possible scenarios that would cause the behavior of files containing test data for credit cards not triggering DLP events when uploaded to Dropbox. One scenario is that the DLP rule has the severity threshold set to a value higher than the number of occurrences. This means that the rule will only trigger an event if the number of matches for the sensitive data exceeds the specified threshold. For example, if the rule has a severity threshold of 10 and the file contains only 5 credit card numbers, then no event will be generated. To fix this, you can lower the severity threshold or remove it altogether. The other scenario is that the credit card numbers in your test data are invalid 16-digit numbers. This means that the numbers do not pass the Luhn algorithm check, which is a validation method used by Netskope DLP to detect valid credit card numbers. For example, if the number is 1234-5678-9012-3456, then it is not a valid credit card number and will not be detected by Netskope DLP. To fix this, you can use valid test credit card numbers that pass the Luhn algorithm check. The other options are not valid scenarios for this behavior. The Netskope client is not steering Dropbox traffic is not a valid scenario because there are corresponding page events, which means that the traffic is being steered to Netskope.There is no API protection configured for Dropbox is not a valid scenario because API protection is not required for DLP detection on file uploads, which are handled by real-time protection.Reference:DLP Rule Settings1,Credit Card Number Detection2

Question 7

You want to provision users and groups to a Netskope tenant. You have Microsoft Active Directory servers hosted in two different forests. Which statement is true about this scenario?

AYou can use the Netskope Adapter Tool for user provisioning.

BYou can use the Netskope virtual appliance for user provisioning

CYou cannot provision users until you migrate to Azure AD or Okta.

DYou can use SCIM version 2 for user provisioning.

Answer : D

You can use SCIM version 2 for user provisioning in this scenario. SCIM (System for Cross-domain Identity Management) is a standard protocol for exchanging identity information across different cloud applications. Netskope supports SCIM version 2 and can integrate with identity providers (IdPs) that follow the same standard, such as Microsoft Azure AD, Okta, OneLogin, and Ping Identity. You can use SCIM to provision users and groups from multiple Active Directory forests to a Netskope tenant. The other options are not valid for this scenario. The Netskope Adapter Tool and the Netskope virtual appliance are used for user identification, not provisioning. They can only connect to one Active Directory forest at a time.You do not need to migrate to Azure AD or Okta to provision users, as Netskope supports other IdPs that use SCIM as well.Reference:Provisioning Users for Netskope Client1,SCIM Integration2

Netskope NSK200 Netskope Certified Cloud Security Integrator NCCSI Exam Practice Test