Page: 1
/ 14
Total 60 questions
Netskope NSK300 Netskope Certified Cloud Security Architect Exam Practice Test
Question 1
You have multiple networking clients running on an endpoint and client connectivity is a concern. You are configuring co-existence with a VPN solution in this scenario, what is recommended to prevent potential routing issues?
Answer : B
To prevent potential routing issues and ensure that the Netskope agent consistently sees the traffic first, it is recommended tomodify the VPN to operate in full tunnel mode at Layer 3.
In full tunnel mode, all traffic from the endpoint is routed through the VPN, including traffic destined for Netskope. This ensures that the Netskope agent can inspect and apply policies to all traffic, regardless of the destination.
Layer 3 full tunnel mode provides better visibility and control over the traffic flow, reducing the risk of routing conflicts or bypassing the Netskope inspection.Reference:
The answer is based on general knowledge of VPN configurations and their impact on traffic routing.
Question 2
You want to verify that Google Drive is being tunneled to Netskope by looking in the nsdebuglog file. You are using Chrome and the Netskope Client to steer traffic. In this scenario, what would you expect to see in the log file?
A)
B)
C)
D)
Question 3
Review the exhibit.
A user has attempted to upload a file to Microsoft OneDrive that contains source code with Pll and PCI data.
Referring to the exhibit, which statement Is correct?
Answer : C
In the given scenario, a user is attempting to upload a file containing sensitive PII and PCI data to Microsoft OneDrive. The Netskope Security Cloud provides real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Based on the exhibit provided, different DLP (Data Loss Prevention) profiles are triggered - DLP-SourceCode, DLP-PCI, and DLP-PII. Each of these profiles has specific actions associated with them; for instance, an alert is generated for Source Code while blocking actions are initiated for PCI and PII data. Since multiple DLP profiles are triggered due to the sensitive nature of the content in the file being uploaded, separate incidents will be generated for each matching profile ensuring comprehensive security coverage and incident reporting.
Question 4
You want to enable the Netskope Client to automatically determine whether it is on-premises or off-premises. Which two options in the Netskope Ul would you use to accomplish this task? (Choose two.)
Answer : C, D
To enable the Netskope Client to automatically determine whether it is on-premises or off-premises, you can use the following options in the Netskope UI:
Enable Dynamic Steering:
This option is available in theSteering Configurationsection of the UI.
By enabling dynamic steering, the Netskope Client can intelligently determine the appropriate data plane (on-premises or cloud) based on the user's location and network conditions.
It ensures that traffic is directed to the optimal data plane for improved performance and security.
On Premises Detection:
This option is available under theClient Configurationsection of the UI.
By configuring on-premises detection, the Netskope Client can identify whether it is connected to the local network (on-premises) or accessing resources from outside (off-premises).
It helps in applying relevant policies and steering traffic accordingly.
Question 5
You deployed the Netskope Client for Web steering in a large enterprise with dynamic steering. The steering configuration includes a bypass rule for an application that is IP restricted. What is the source IP for traffic to this application when the user is on-premises at the enterprise?
Answer : C
When a user is on-premises at the enterprise and accesses an application that is IP restricted, the source IP for traffic to this application is theEnterprise Egress IPv4address.
The Enterprise Egress IP represents the external IP address of the enterprise network as seen by external services or applications.
This IP address is used for communication between the user's device and external resources, including applications that are IP restricted.Reference:
The answer is based on general knowledge of networking concepts and how IP addresses are used in enterprise environments.
Question 6
You do not want a scheduled Advanced Analytics dashboard to be automatically updated when Netskope makes improvements to that dashboard. In this scenario, what would you do to retain the original dashboard?
Answer : D
To retain the original dashboard without automatic updates due to improvements made by Netskope, you can download the desired dashboard and then import it from a file into your Group or Personal folder.
This approach ensures that you have a static version of the dashboard that won't be affected by future changes or enhancements.Reference:
The answer is based on general knowledge of dashboard management and customization within Netskope.
Question 7
You are asked to create a customized restricted administrator role in your Netskope tenant for a newly hired employee. Which two statements are correct in this scenario? (Choose two.)
Answer : A, C
Admin Role and File Content Viewing: By default, an admin role doesnotprevent admins from downloading and viewing file content. Admins have access to view and download file content unless specific restrictions are applied.
Role Privileges Default to Read Only: All role privileges in Netskope default toRead Onlyfor all functional areas. This means that admins can view information but cannot make changes unless explicitly granted additional permissions.
Obfuscation: Obfuscation can be applied to specific functional areas, but it is not a default behavior for all areas.Reference:
Netskope Security Cloud Introductory Online Technical Training
Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Training
All Official Question Types