New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Netskope NSK300 Netskope Certified Cloud Security Architect Exam Exam Practice Test

Page: 1 / 6
Total 60 questions

Netskope Certified Cloud Security Architect Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

You are using Netskope CSPM for security and compliance audits across your multi-cloud environments. To decrease the load on the security operations team, you are researching how to auto-re mediate some of the security violations found in low-risk environments.

Which statement is correct in this scenario?

Options:

A.

Netskope does not support automatic remediation of security violation results due to the high risk associated with it.

B.

You can use Netskope API-enabled Protection for auto-remediation of security violation results.

C.

You can use Netskope Auto-remediation frameworks from the public Netskope GitHub Open Source repository for auto-re mediation of security violation results.

D.

You can use Netskope Cloud Exchange for auto-remediation of security violation results.

Question 2

Review the exhibit.

You are attempting to block uploads of password-protected files. You have created the file profile shown in the exhibit.

Where should you add this profile to use in a Real-time Protection policy?

Options:

A.

Add the profile to a DLP profile that is used in a Real-time Protection policy.

B.

Add the profile to a Malware Detection profile that is used in a Real-time Protection policy.

C.

Add the profile directly to a Real-time Protection policy as a Constraint.

D.

Add the profile to a Constraint profile that is used in a Real-time Protection policy.

Question 3

You deployed the Netskope Client for Web steering in a large enterprise with dynamic steering. The steering configuration includes a bypass rule for an application that is IP restricted. What is the source IP for traffic to this application when the user is on-premises at the enterprise?

Options:

A.

Loopback IPv4

B.

Netskope data plane gateway IPv4

C.

Enterprise Egress IPv4

D.

DHCP assigned RFC1918 IPv4

Question 4

A company wants to capture and maintain sensitive Pll data in a relational database to help their customers. There are many employees and contractors that need access to sensitive customer data to perform their duties The company wants to prevent theexfiltrationof sensitive customer data by their employees and contractors.

In this scenario. what would satisfy this requirement?

Options:

A.

fingerprinting

B.

exact data match

C.

regular expression

D.

machine learning

Question 5

You have users connecting to Netskope from around the world You need a way for your NOC to quickly view the status of the tunnels and easily visualize where the tunnels are located Which Netskope monitoring tool would you use in this scenario?

Options:

A.

Network Steering in Digital Experience Management

B.

Network Events in Skope IT

C.

Web Usage Summary in Advanced Analytics

D.

Alerts in Skope IT

Question 6

Given the following:

Which result does this Skope IT query provide?

Options:

A.

The query returns all events of user@company.com downloading or uploading to or from the site 'Amazon S3" using the Netskope Client.

B.

The query returns all events of an IP address downloading or uploading to or from Amazon S3 using the Netskope Client.

C.

The query returns all events of everyone except user@company.com downloading or uploading to or from the site "Amazon S3" using the Netskope Client.

D.

The query returns all events of user@company.com downloading or uploading to or from the application "Amazon S3" using the Netskope Client.

Question 7

Review the exhibit.

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company's internal certificate authority for SSL certificates.

Which three statements describe ways to solve this issue? (Choose three.)

Options:

A.

Import the root certificate for your internal certificate authority into Netskope.

B.

Bypass SSL inspection for the affected site(s).

C.

Create a Real-time Protection policy to allow access.

D.

Change the SSL Error Settings from Block to Bypass in the Netskope tenant.

E.

Instruct the user to proceed past the error message

Question 8

Your organization's software deployment team did the initial install of the Netskope Client with SCCM. As the Netskope administrator, you will be responsible for all up-to-date upgrades of the client.

Which two actions would be required to accomplish this task9 (Choose two.)

Options:

A.

In the Client Configuration, set Upgrade Client Automatically to Latest Release.

B.

Set the installmode-IDP flag during the original Install.

C.

Set the autoupdate-on flag during the original Install.

D.

In the Client Configuration, set Upgrade Client Automatically to Specific Golden Release.

Question 9

You deployed IPsec tunnels to steer on-premises traffic to Netskope. You are now experiencing problems with an application that had previously been working. In an attempt to solve the issue, you create a Steering Exception in the Netskope tenant tor that application: however, the problems are still occurring

Which statement is correct in this scenario?

Options:

A.

You must create a private application to steer Web application traffic to Netskope over an IPsec tunnel.

B.

Exceptions only work with IP address destinations

C.

Steering bypasses for IPsec tunnels must be applied at your edge network device.

D.

You must deploy a PAC file to ensure the traffic is bypassed pre-tunnel

Question 10

You are building an architecture plan to roll out Netskope for on-premises devices. You determine that tunnels are the best way to achieve this task due to a lack of support for explicit proxy in some instances and IPsec is the right type of tunnel to achieve the desired security and steering.

What are three valid elements that you must consider when using IPsec tunnels in this scenario? (Choose three.)

Options:

A.

cipher support on tunnel-initiating devices

B.

bandwidth considerations

C.

the categories to be blocked

D.

the impact of threat scanning performance

E.

Netskope Client behavior when on-premises

Question 11

A company has deployed Explicit Proxy over Tunnel (EPoT) for their VDI users They have configured Forward Proxy authentication using Okta Universal Directory They have also configured a number of Real-time Protection policies that blockaccess to different Web categories for different AD groups so. for example, marketing users are blocked from accessing gambling sites. During User Acceptance Testing, they see inconsistent results where sometimes marketing users are able to access gambling sites and sometimes they are blocked as expected They are seeing this inconsistency based on who logs into the VDI server first.

What is causing this behavior?

Options:

A.

Forward Proxy is not configured to use the Cookie Surrogate

B.

Forward Proxy is not configured to use the IP Surrogate

C.

Forward Proxy authentication is configured but not enabled.

D.

Forward Proxy is configured to use the Cookie Surrogate

Question 12

What are three valid Instance Types for supported SaaS applications when using Netskope's API-enabled Protection? (Choose three.)

Options:

A.

Forensic

B.

API Data Protection

C.

Behavior Analytics

D.

DLP Scan

E.

Quarantine

Question 13

You want to verify that Google Drive is being tunneled to Netskope by looking in the nsdebuglog file. You are using Chrome and the Netskope Client to steer traffic. In this scenario, what would you expect to see in the log file?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 14

You recently began deploying Netskope at your company. You are steering all traffic, but you discover that the Real-time Protection policies you created to protect Microsoft OneDrive are not being enforced.

Which default setting in the Ul would you change to solve this problem?

Options:

A.

Disable the default Microsoft appsuite SSL rule.

B.

Disable the default certificate-pinned application

C.

Remove the default steering exception for domains.

D.

Remove the default steering exception for Cloud Storage.

Question 15

You are architecting a Netskope steering configuration for devices that are not owned by the organization The users could be either on-premises or off-premises and the architecture requires that traffic destined to the company's instance of Microsoft 365 be steered to Netskope for inspection.

How would you achieve this scenario from a steering perspective?

Options:

A.

Use IPsec and GRE tunnels.

B.

Use reverse proxy.

C.

Use explicit proxy and the Netskope Client

D.

Use DPoP and Secure Forwarder

Question 16

Review the exhibit.

You work for a medical insurance provider. You have Netskope Next Gen Secure Web Gateway deployed to all managed user devices with limited block policies. Your manager asks that you begin blocking Cloud Storage applications that are not HIPAA compliant Prior to implementing this policy, you want to verity that no business or departmental applications would be blocked by this policy.

Referring to the exhibit, which query would you use in the Edit Widget window to narrow down the results?

Options:

A.

app-ccl-compliance-cert neq 'HIPAA' and category eq 'Cloud Storage'

B.

Cloud Confidence Compliance neq HIPAA and Cloud Confidence Category is Cloud Storage

C.

SELECT application WHERE 'HIPAA' NOT IN app-cci-compliance AND WHERE 'Cloud Storage' IN category

D.

app-compliance does not contain HIPAA and category must equal Cloud Storage

Question 17

You are implementing a solution to deploy Netskope for machine traffic in an AWS account across multiple VPCs. You want to deploy the least amount of tunnels while providing connectivity for all VPCs.

How would you accomplish this task?

Options:

A.

Use IPsec tunnels from the AWS Virtual Private Gateway.

B.

Use GRE tunnels from the AWS Transit Gateway.

C.

Use GRE tunnels from the AWS Virtual Private Gateway

D.

Use IPsec tunnels from the AWS Transit Gateway.

Question 18

You are asked to ensure that a Web application your company uses is both reachable and decrypted by Netskope. This application is served using HTTPS on port 6443. Netskope is configured with a default Cloud Firewall configuration and the steering configuration is set for All Traffic.

Which statement is correct in this scenario?

Options:

A.

Create a Firewall App in Netskope along with the corresponding Real-time Protection policy to allow the traffic.

B.

Nothing isrequired since Netskope is steering all traffic.

C.

Enable "Steernon-standard ports" in the steering configuration and add the domain and port as a new non-standard port

D.

Enable "Steer non-standard ports" in the steering configuration and create a corresponding Real-time Protection policy to allow the traffic

Page: 1 / 6
Total 60 questions