Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Netskope NSK200 Dumps

Page: 1 / 10
Total 96 questions

Netskope Certified Cloud Security Integrator (NCCSI) Questions and Answers

Question 1

With Netskope DLP, which feature would be used to detect keywords such as " Confidential " or " Access key " ?

Options:

A.

Regular Expression

B.

Exact Match

C.

Fingerprint Classification

D.

Dictionary

Question 2

What are three methods to deploy a Netskope client? (Choose three.)

Options:

A.

Deploy Netskope client using SCCM.

B.

Deploy Netskope client using REST API v2.

C.

Deploy Netskope client using email invite.

D.

Deploy Netskope client using REST API v1.

E.

Deploy Netskope client using IdP.

Question 3

Review the exhibit.

as

You are asked to create a new role that allows analysts to view Events and Reports while providing user privacy. You need to avoid directly exposing identities and user location information.

Which three fields must you obfuscate in this scenario? (Choose three.)

Options:

A.

User IPs

B.

User names

C.

App names, URLs, and destination IPs

D.

File and object names

E.

Source location information

Question 4

Review the exhibit.

as

You are asked to create a new Real-time Protection policy to scan SMTP emails using data loss prevention (DLP) for personal health information (PHI). The scope is limited to only emails being sent from Microsoft Exchange Online to outside recipients.

Options:

A.

Web Access policy

B.

Email Outbound policy

C.

CTEP policy

D.

DLP policy

Question 5

You are implementing tenant access security and governance controls for privileged users. You want to start with controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration.

Which three access controls would you use in this scenario? (Choose three.)

Options:

A.

IP allowlisting to control access based upon source IP addresses.

B.

Login attempts to set the number of failed attempts before the admin user is locked out of the Ul.

C.

Applying predefined or custom roles to limit the admin ' s access to only those functions required for their job.

D.

Multi-factor authentication to verify a user ' s authenticity.

E.

History-based access control based on past security actions.

Question 6

Your organization has three main locations with 30.000 hosts in each location. You are planning to deploy Netskope using iPsec tunnels for security.

What are two considerations to make a successful connection in this scenario? (Choose two.)

Options:

A.

browsers in use

B.

operating systems

C.

redundant POPs

D.

number of hosts

Question 7

Review the exhibit.

as

You are asked to restrict users from accessing YouTube content tagged as Sport. You created the required real-time policy; however, users can still access the content

Referring to the exhibit, what is the problem?

Options:

A.

The website is in a steering policy exception.

B.

The policy changes have not been applied.

C.

The YouTube content cannot be controlled.

D.

The traffic matched a Do Not Decrypt policy

Question 8

Deploying the Netskope Client using IdP requires which two prerequisites? (Choose two.)

Options:

A.

The user must be authenticated using IdP.

B.

The Home POP Domain must be preconfigured using the client CLI parameters.

C.

The tenant name will be automatically determined during IdP authentication.

D.

The IdP mode parameter must be specified when installing the client.

Question 9

You are troubleshooting an issue with Microsoft where some users complain about an issue accessing OneDrive and SharePoint Online. The configuration has the Netskope client deployed and active for most users, but some Linux machines are routed to Netskope using GRE tunnels. You need to disable inspection for all users to begin troubleshooting the issue.

In this scenario, how would you accomplish this task?

Options:

A.

Create a Real-time Protection policy to isolate Microsoft 365.

B.

Create a Do Not Decrypt SSL policy for the Microsoft 365 App Suite.

C.

Create a steering exception for the Microsoft 365 domains.

D.

Create a Do Not Decrypt SSL policy for OneDrive.

Question 10

You want the ability to perform automated remediation of misconfigurations on GitHub, Microsoft 365, Salesforce, ServiceNow, and Zoom.

Options:

A.

Netskope Infrastructure as a Service

B.

Netskope Remote Browser Isolation

C.

Netskope Cloud Firewall

D.

Netskope SaaS Security Posture Management

Question 11

Review the exhibit.

as

Referring to the exhibit, which three statements are correct? (Choose three.)

Options:

A.

The request was processed successfully.

B.

A request was submitted to extract application event details.

C.

An invalid token was used.

D.

The request was limited to the first 5000 records.

E.

The request was confined to only the " Professional Networking and Social " category.

Question 12

Your customer has deployed the Netskope client to secure their Web traffic. Recently, they have enabled Cloud Firewall (CFW) to secure all outbound traffic for their endpoints. Through a recent acquisition, they must secure all outbound traffic at several remote offices where they have access to the local security stack (routers and firewalls). They cannot install the Netskope client.

Options:

A.

They can configure Reverse Proxy integrated with their IdP.

B.

They can deploy Netskope’s DPOP to steer the targeted traffic to the Netskope Security Cloud.

C.

They can use IPsec and GRE tunnels with Cloud Firewall.

D.

They can secure the targeted outbound traffic using Netskope’s Cloud Threat Exchange (CTE).

Question 13

An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.

Which feature would you use to satisfy this requirement?

Options:

A.

exact data match (EDM)

B.

document fingerprinting

C.

ML image classifier

D.

optical character recognition (OCR)

Question 14

A company allows their users to access OneDrive on their managed laptops. It is against corporate policy to upload any documents to their personal OneDrive. The company needs to enforce this policy to protect their customer’s sensitive data.

What are two ways to enforce this policy? (Choose two.)

Options:

A.

Create DLP policies to block the upload of all the identified documents.

B.

Create DLP policies to allow document uploading only to the corporate OneDrive instance.

C.

Create a new application instance for the corporate OneDrive.

D.

Fingerprint all the documents to have a catalog of all the documents that the company needs to protect.

Question 15

The risk team at your company has determined that traffic from the sales team to a custom Web application should not be inspected by Netskope. All other traffic to the Web application should continue to be inspected. In this scenario, how would you accomplish this task?

Options:

A.

Create a Do Not Decrypt Policy using User Group and Domain in the policy page.

B.

Create a Do Not Decrypt Policy using Application in the policy page and a Steering Exception for Group

C.

Create a Do Not Decrypt Policy using Destination IP and Application in the policy page.

D.

Create a Do Not Decrypt Policy using Source IP and Application in the policy page.

Question 16

You are troubleshooting private application access from a user ' s computer. The user is complaining that they cannot access the corporate file share; however, the private tunnel seems to be established. You open the npadebuglog.log file in a text editor and cannot find any reference to the private application.

Options:

A.

The absence of npadebuglog.log entries is not significant.

B.

File shares cannot be published using private access.

C.

The user is not added to the required real-time policy.

D.

The user needs to re-authenticate for private applications.

Question 17

You are provisioning Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant. In this scenario, which two Netskope components should you verify first In Okta for accuracy? (Choose two.)

Options:

A.

IdP Entity ID

B.

OAuth token

C.

Netskope SAML certificate

D.

SCIM server URL

Question 18

Review the exhibit.

as

You receive a service request from a user who indicates that their Netskope client is in a disabled state. The exhibit shows an excerpt (rom the affected client nsdebuglog.log.

What is the problem in this scenario?

Options:

A.

User authentication failed during IdP-based enrollment.

B.

The Netskope client connection is being decrypted.

C.

Custom installation parameters are incorrectly specified

D.

The user ' s account has not been provisioned into Netskope.

Question 19

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.

Options:

A.

explicit proxy

B.

IPsec

C.

proxy chaining

D.

GRE

Question 20

A city uses many types of forms, including permit applications. These forms contain personal and financial information of citizens. Remote employees download these forms and work directly with the citizens to complete them. The city wants to be able to identify and monitor the specific forms and block the employees from downloading completed forms.

Which feature would you use to accomplish this task?

Options:

A.

exact data match (EDM)

B.

regular expressions (regex)

C.

document fingerprinting

D.

optical character recognition (OCR)

Question 21

Review the exhibit.

add log-upload syslogng parserconfig set log-upload syslogng parserconfig 0

logsource < log-source >

You are asked to deploy a virtual appliance OPLP to accept syslog messages directly from the enterprise Palo Alto Networks firewall. You believe that you have configured the OPLP to accept the firewall logs, yet they are not appearing in Risk Insights. Referring to the exhibit, which parser name would be required to complete the new configuration?

Options:

A.

panw-syslog

B.

sfwder

C.

custom-csv

D.

squid

Question 22

After setting up the Netskope client in an explicit proxy environment, the Netskope client establishes the SSL tunnel between the client and the Netskope gateway. The client cannot connect directly through the default gateway to establish the SSL tunnel. In this scenario, what needs to be done for the client to connect to the Netskope gateway?

Options:

A.

Configure the PAC files of the system ' s proxy settings to open a connection to the explicit proxy server.

B.

Set up an HTTP proxy server to tunnel the SSL connection to the Netskope gateway.

C.

Install proxy decryption certificates on the device.

D.

Allow outbound domains and port 443 for the proxy configuration.

Question 23

A customer wants to deploy the Netskope client on all their employee laptops to protect all Web traffic when users are working from home. However, users are required to work from their local offices at least one day per week. Management requests that users returning to the office be able to transparently leverage the local security stack without any user intervention.

Which two statements are correct in this scenario? (Choose two.)

Options:

A.

You must enable On-premises Detection in the client configuration.

B.

You must allow users to unenroll In the client configuration.

C.

You must disable Dynamic Steering in the traffic steering profile.

D.

You must configure IPsec/GRE tunnels on the local network to steer traffic to Netskope.

Question 24

You notice that your Netskope client icon has a red dot and see " Disabled due to error " when hovering the mouse over the icon. What are two reasons for this message? (Choose two.)

Options:

A.

The client service is manually stopped.

B.

The steering exceptions are incorrect.

C.

The client health check has failed.

D.

The client traffic is directed over iPsec.

Question 25

Your IT organization is migrating its user directory services from Microsoft Active Directory to a cloud-based Identity Provider (IdP) solution, Azure AD. You are asked to adapt the Netskope user provisioning process to work with this new cloud-based IdP.

Options:

A.

Directory Importer

B.

Microsoft GPO

C.

SCIMApp

D.

Manual Import

Question 26

You are having issues with fetching user and group Information periodically from the domain controller and posting that information to your tenant instance in the Netskope cloud. To begin the troubleshooting process, what would you Investigate first in this situation?

Options:

A.

On-Premises Log Parser

B.

Directory Importer

C.

DNS Connector

D.

AD Connector

Question 27

You are preparing to deploy Netskope at your company. Users will be 100% remote but are required to deploy the Netskope client to access any company resources. Management wants to ensure that the Netskope client cannot be installed by users outside of the company. In this scenario, how do you ensure that the correct users get connected to Netskope?

Options:

A.

Enroll users using the corporate IdP.

B.

Enroll users using corporate OAuth.

C.

Enroll users using an email invitation.

D.

Enroll users using Netskope UEBA.

Question 28

Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.

In this scenario, which two deployment options would you use? (Choose two.)

Options:

A.

Deploy the Netskope client with SCCM.

B.

Deploy the Netskope client with Microsoft GPO.

C.

Deploy the Netskope client using IdP.

D.

Deploy the Netskope client using an email Invitation.

Page: 1 / 10
Total 96 questions