New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Netskope NSK101 Dumps Questions Answers

Page: 1 / 10
Total 129 questions

Netskope Certified Cloud Security Administrator (NCCSA) Questions and Answers

Question 1

You are creating a real-time policy for cloud applications.

In addition to users, groups, and organizational units, which two source criteria would support this scenario? (Choose two.)

Options:

A.

protocol version

B.

access method

C.

browser version

D.

device classification

Buy Now
Question 2

What are two valid use cases for the Cloud Confidence Index (CCI)? (Choose two.)

Options:

A.

To recategorize cloud applications in the database

B.

To delete cloud applications from the database

C.

To identify the activities that Netskope supports for cloud applications

D.

To compare similar cloud applications

Question 3

Click the Exhibit button.

Referring to the exhibit, what are two recommended steps to be set on the perimeter device to monitor IPsec tunnels to a Netskope data plane? (Choose two.)

Options:

A.

Enable IKE Dead Peer Detection (DPD) for each tunnel.

B.

Send ICMP requests to the Netskope location's Probe IP

C.

Send HTTP requests to the Netskope location's Probe IP.

D.

Send ICMP requests to the Netskope location's proxy IPs.

Question 4

A customer wants to detect misconfigurations in their AWS cloud instances.

In this scenario, which Netskope feature would you recommend to the customer?

Options:

A.

Netskope Secure Web Gateway (SWG)

B.

Netskope Cloud Security Posture Management (CSPM)

C.

Netskope Advanced DLP and Threat Protection

D.

Netskope SaaS Security Posture Management (SSPM)

Question 5

A new customer is concerned about performance, especially with respect to Microsoft 365. They have offices in 20 countries around the world and their workforce is mostly mobile.

In this scenario, which two statements about NewEdge would align with the customer's requirements? (Choose two.)

Options:

A.

NewEdge accurately identifies Microsoft 365 violations and data risks.

B.

NewEdge provides advanced public cloud infrastructure security.

C.

NewEdge provides direct peering with Microsoft in every data center.

D.

NewEdge delivers a single, unified network with all services available in all locations worldwide.

Question 6

When would an administrator need to use a tombstone file?

Options:

A.

You use a tombstone file when a policy causes a file download to be blocked.

B.

You use a tombstone file when a policy causes a publicly shared file to be encrypted.

C.

You use a tombstone file when the policy causes a file to be moved to quarantine.

D.

You use a tombstone file when a policy causes a file to be moved to legal hold.

Question 7

Your department is asked to report on GDPR data publicly exposed in Microsoft 365, Salesforce. and Slack-sanctioned cloud applications. Which deployment model would you use to discover this data?

Options:

A.

reverse proxy

B.

on-premises appliance

C.

API-enabled protection

D.

inline protection

Question 8

You have an issue with the Netskope client connecting to the tenant.

In this scenario, what are two ways to collect the logs from the client machine? (Choose two.)

Options:

A.

from the Netskope client Ul About page

B.

from the command line using the nsdiag command

C.

from the Netskope client system tray icon

D.

from the Netskope client Ul Configuration page

Question 9

You are required to mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website. Users need to access websites from a variety of categories, including new websites.

Which two actions would help you accomplish this task while allowing the user to work? (Choose two.)

Options:

A.

Allow the user to browse uncategorized domains but restrict edit activities.

B.

Block malware detected on download activity for all remaining categories.

C.

Block known bad websites and enable RBI to uncategorized domains.

D.

Allow a limited amount of domains and block everything else.

Question 10

In the Tenant III, which two methods would an administrator use to update a File Profile with malicious file hashes? (Choose two)

Options:

A.

Upload a CSV file of malicious file hashes.

B.

Create a Threat Protection Profile to define a block list of malicious files.

C.

Input a list of malicious file hashes.

D.

Upload a JSON file of malicious file hashes.

Question 11

When designing an architecture with Netskope Private Access, which element guarantees connectivity between the Netskope cloud and the private application?

Options:

A.

Netskope Publisher

B.

API connector

C.

Third-party router with GRE/IPsec support

D.

Netskope Client

Question 12

A company is attempting to steer traffic to Netskope using GRE tunnels. They notice that after the initial configuration, users cannot access external websites from their browsers.

What are three probable causes for this issue? (Choose three.)

Options:

A.

The pre-shared key for the GRE tunnel is incorrect.

B.

The configured GRE peer in the Netskope platform is incorrect.

C.

The corporate firewall might be blocking GRE traffic.

D.

The route map was applied to the wrong router interface.

E.

Netskope does not support GRE tunnels.

Question 13

Click the Exhibit button.

A user is uploading a file containing PCI-DSS data to the corporate Google Drive instance. You notice that the upload is not blocked by the policy shown in the exhibit. Which statement is correct in this scenario?

Options:

A.

The policy is not applied to the correct user group.

B.

The policy is not applied to the correct URL category.

C.

The policy is not applied in the correct order.

D.

The policy is not applied to the correct application activity.

Question 14

Which two statements are correct about DLP Incidents in the Netskope platform? (Choose two.)

Options:

A.

An incident can be associated to one or more DLP policies.

B.

An incident can have one or more DLP violations.

C.

An incident can be assigned to one or more administrators.

D.

An incident can be associated to one or more DLP rules.

Question 15

You want to set up a Netskope API connection to Box.

What two actions must be completed to enable this connection? (Choose two.)

Options:

A.

Install the Box desktop sync client.

B.

Authorize the Netskope application in Box.

C.

Integrate Box with the corporate IdP.

D.

Configure Box in SaaS API Data protection.

Question 16

What are two pillars of CASB? (Choose two.)

Options:

A.

visibility

B.

compliance

C.

cloud native

D.

SASE

Question 17

You are deploying TLS support for real-time Web and SaaS transactions. What are two secure implementation methods in this scenario? (Choose two.)

Options:

A.

Bypass TLS 1.3 because it is not widely adopted.

B.

Downgrade to TLS 1.2 whenever possible.

C.

Support TLS 1.2 only when 1.3 is not supported by the server.

D.

Require TLS 1.3 for every server that accepts it.

Question 18

Why would you want to define an App Instance?

Options:

A.

to create an API Data Protection Policy for a personal Box instance

B.

to differentiate between an enterprise Google Drive instance vs. a personal Google Drive instance

C.

to enable the instance_id attribute in the advanced search field when using query mode

D.

to differentiate between an enterprise Google Drive instance vs. an enterprise Box instance

Question 19

What are two supported ways to provision users to your customer's Netskope tenant? (Choose two.)

Options:

A.

Use Microsoft Intune.

B.

Use the AD Connector.

C.

Use SCIM.

D.

Use the Directory Importer.

Question 20

Which two technologies form a part of Netskope's Threat Protection module? (Choose two.)

Options:

A.

log parser

B.

DLP

C.

sandbox

D.

heuristics

Question 21

According to Netskope. what are two preferred methods to report a URL miscategorization? (Choose two.)

Options:

B.

Use the URL Lookup page in the dashboard.

C.

Email support@netskope.com.

D.

Tag Netskope on Twitter.

Question 22

API-enabled Protection traffic is sent to which Netskope component?

Options:

A.

Netskope Publisher

B.

Netskope Management Plane

C.

Netskope Data Plane

D.

Netskope Reverse Proxy

Question 23

You want to use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for Business application to find sensitive content, enforce near real-time policy controls, and quarantine malware.

In this scenario, which primary function in the Netskope platform would you use to connect your application to Netskope?

Options:

A.

DLP forensics

B.

Risk Insights

C.

laaS API-enabled Protection

D.

SaaS API-enabled Protection

Question 24

You are working with traffic from applications with pinned certificates. In this scenario, which statement is correct?

Options:

A.

An exception should be added to the steering configuration.

B.

The domains used by certificate-pinned applications should be added to the authentication bypass list.

C.

Traffic with pinned certificates should be blocked.

D.

The domains used by applications with pinned certificates should be allowed in an inline policy.

Question 25

What information is displayed in an application's Cloud Confidence Index (CCI) page? (Choose two.)

Options:

A.

top users by sessions

B.

policy violations

C.

GDPR readiness

D.

stock price

Question 26

You are required to create a policy that will notify and allow users to log into their personal Google Drive instance.

Which two policy components must be configured to enforce this use case? (Choose two.)

Options:

A.

Storage Constraint Profile

B.

Steering Exception

C.

User Alert

D.

User Constraint Profile

Question 27

Click the Exhibit button.

A user has the Netskope Client enabled with the correct steering configuration applied. The exhibit shows an inline policy that has a predefined webmail category blocked. However the user is still able to access Yahoo mail.

Which statement is correct in this scenario?

Options:

A.

The user is not part of the correct AD group or OU.

B.

The user is not steered using an explicit proxy.

C.

The webmail category does not include Yahoo mail when using an explicit proxy

D.

The user's AD group must be added to the policy.

Question 28

You want to see the actual data that caused the policy violation within a DLP Incident view.

In this scenario, which profile must be set up?

Options:

A.

Quarantine Profile

B.

Forensics Profile

C.

Legal Hold Profile

D.

a GDPR DLP Profile

Question 29

Users are connecting to sanctioned cloud applications from public computers, such as from a hotel business center.

Which traffic steering method would work in this scenario?

Options:

A.

proxy chaining

B.

IPsec/GRE tunnel

C.

reverse proxy

D.

steering client

Question 30

What are two CASB inline interception use cases? (Choose two.)

Options:

A.

blocking file uploads to a personal Box account

B.

running a retroactive scan for data at rest in Google Drive

C.

using the Netskope steering client to provide user alerts when sensitive information is posted in Slack

D.

scanning Dropbox for credit card information

Question 31

You want to take into account some recent adjustments to CCI scoring that were made in your Netskope tenant.

In this scenario, which two CCI aspects in the Ul would be used in a real-time protection policy? (Choose two.)

Options:

A.

App Tag

B.

CCL

C.

App Score

D.

GDPR Readiness

Question 32

You investigate a suspected malware incident and confirm that it was a false alarm.

Options:

A.

In this scenario, how would you prevent the same file from triggering another incident?

B.

Quarantine the file. Look up the hash at the VirusTotal website.

C.

Export the packet capture to a pcap file.

D.

Add the hash to the file filter.

Question 33

What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)

Options:

A.

to use as a log parser to discover in-use cloud applications

B.

to use as a local reverse proxy to secure a SaaS application

C.

to use as an endpoint for Netskope Private Access (NPA)

D.

to use as a secure way to generate Exact Data Match hashes

Question 34

A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?

Options:

A.

The customer has discovered a new SaaS application that is not yet rated in the CCI database.

B.

The customer's organization places a higher business risk weight on vendors that claim ownership of their data.

C.

The customer wants to punish an application vendor for providing poor customer service.

D.

The customer's organization uses a SaaS application that is currently listed as "under research".

Question 35

What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)

Options:

A.

as an endpoint for Netskope Private Access (NPA)

B.

as a local reverse-proxy to secure a SaaS application

C.

as a log parser to discover in-use cloud applications

D.

as a Secure Forwarder to steer traffic

Question 36

In the Skope IT interface, which two event tables would be used to label a cloud application instance? (Choose two.)

Options:

A.

Network Events

B.

Page Events

C.

Application Events

D.

Alerts

Question 37

As an administrator, you are investigating an increase in the number of incidents related to compromised credentials. You are using the Netskope Compromised Credentials feature on your tenant to assess the situation. Which insights would you find when using this feature? (Choose two)

Options:

A.

Compromised usernames

B.

Breach information source

C.

Compromised passwords

D.

Affected managed applications

Question 38

Which two capabilities are part of Netskope's Adaptive Zero Trust Data Protection? (Choose two.)

Options:

A.

contextual risk awareness

B.

continuous adaptive policies

C.

continuous enforcement of all policies

D.

contextual metadata storage

Page: 1 / 10
Total 129 questions