New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Netskope NSK300 Dumps Questions Answers

Page: 1 / 5
Total 60 questions

Netskope Certified Cloud Security Architect Exam Questions and Answers

Question 1

You are consuming Audit Reports as part of a Salesforce API integration. Someone has made a change to a Salesforce account record field that should not have been made and you are asked to venfy the previous value of the structured data field. You have the approximate date and time of the change, user information, and the new field value.

How would you accomplish this task?

Options:

A.

Create a classic report and apply a query that filters on the changed field value.

B.

Use the Application Events Data Collection within Advanced Analytics and filter on the changed field value.

C.

Query Skope IT Page Events and look for the specific Page URL that was called under the Application section.

D.

Query Skope IT for an AccessMethod of API Connector and search Application Event Details for the Old Value field using the User details and Edit Activity.

Buy Now
Question 2

Your client is an NG-SWG customer. They are going to use the Explicit Proxy over Tunnel (EPoT) steering method. They have a specific list of domains that they do not want to steer to the Netskope Cloud.

What would accomplish this task''

Options:

A.

Define exception domains in the PAC file.

B.

Define exceptions in the Netskope steering configuration

C.

Create a real-time policy with a bypass action.

D.

Use an SSL decryption policy.

Question 3

Your CISO asks that you to provide a report with a visual representation of the top 10 applications (by number of objects) and their risk score. As the administrator, you decide to use a Sankey visualization in Advanced Analytics to represent the data in an efficient manner.

In this scenario, which two field types are required to produce a Sankey Tile in your report? {Choose two.)

Options:

A.

Dimension

B.

Measure

C.

Pivot Ranks

D.

Period of Type

Question 4

You deployed IPsec tunnels to steer on-premises traffic to Netskope. You are now experiencing problems with an application that had previously been working. In an attempt to solve the issue, you create a Steering Exception in the Netskope tenant tor that application: however, the problems are still occurring

Which statement is correct in this scenario?

Options:

A.

You must create a private application to steer Web application traffic to Netskope over an IPsec tunnel.

B.

Exceptions only work with IP address destinations

C.

Steering bypasses for IPsec tunnels must be applied at your edge network device.

D.

You must deploy a PAC file to ensure the traffic is bypassed pre-tunnel

Question 5

You are currently designing a policy for AWS S3 bucket scans with a custom DLP profile Which policy action(s) are available for this policy?

Options:

A.

Alert, Quarantine. Block, User Notification

B.

Alert, User Notification

C.

Alert only

D.

Alert,Quarantine

Question 6

You have multiple networking clients running on an endpoint and client connectivity is a concern. You are configuring co-existence with a VPN solution in this scenario, what is recommended to prevent potential routing issues?

Options:

A.

Configure the VPN to split tunnel traffic by adding the Netskope IP and Google DNS ranges and set to Exclude in the VPN configuration.

B.

Modify the VPN to operate in full tunnel mode at Layer 3. so that the Netskope agent will always see the traffic first.

C.

Configure the VPN to full tunnel traffic and add an SSL Do Not Decrypt policy to the VPN configuration for all Netskope traffic.

D.

Configure a Network Location with the VPN IP ranges and add it as a Steering Configuration exception.

Question 7

You are deploying the Netskope Client to Windows devices. The following command line would be used to install the client MSI file:

In this scenario, what is referring to in the command line?

Options:

A.

a Netskope user identifier

B.

the Netskope organization ID

C.

the URL of the IdP used to authenticate the users

D.

a private token given to you by the SCCM administrator

Question 8

Review the exhibit.

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company's internal certificate authority for SSL certificates.

Which three statements describe ways to solve this issue? (Choose three.)

Options:

A.

Import the root certificate for your internal certificate authority into Netskope.

B.

Bypass SSL inspection for the affected site(s).

C.

Create a Real-time Protection policy to allow access.

D.

Change the SSL Error Settings from Block to Bypass in the Netskope tenant.

E.

Instruct the user to proceed past the error message

Question 9

A company wants to capture and maintain sensitive Pll data in a relational database to help their customers. There are many employees and contractors that need access to sensitive customer data to perform their duties The company wants to prevent theexfiltrationof sensitive customer data by their employees and contractors.

In this scenario. what would satisfy this requirement?

Options:

A.

fingerprinting

B.

exact data match

C.

regular expression

D.

machine learning

Question 10

Your company just had a new Netskope tenant provisioned and you are asked to create a secure tenant configuration. In this scenario, which two default settings should you change? {Choose two.)

Options:

A.

Change Safe Search to Disabled

B.

Change Untrusted Root Certificate to Block.

C.

Change the No SNI setting to Block.

D.

Change "Disallow concurrent logins by an Admin" to Enabled.

Question 11

You deployed the Netskope Client for Web steering in a large enterprise with dynamic steering. The steering configuration includes a bypass rule for an application that is IP restricted. What is the source IP for traffic to this application when the user is on-premises at the enterprise?

Options:

A.

Loopback IPv4

B.

Netskope data plane gateway IPv4

C.

Enterprise Egress IPv4

D.

DHCP assigned RFC1918 IPv4

Question 12

You are the network architect for a company using Netskope Private Access. Multiple users are reporting that they are unable to access an application using Netskope Private Access that was working previously. You have verified that the Real-time Protection policy allows access to the application, private applications are steered for the users, and the application is reachable from internal machines. You must verify that the application is reachable through Netskope Publisher

In this scenario, which two tools in the Netskope Ul would you use to accomplish this task? (Choose two.)

Options:

A.

Reachability Via Publisher in the App Definitions page

B.

Troubleshooter tool in the App Definitions page

C.

Applications in Skope IT

D.

Clear Private App Auth under Users in Skope IT

Question 13

You need to extract events and alerts from the Netskope Security Cloud platform and push it to a SIEM solution. What are two supported methods to accomplish this task? (Choose two.)

Options:

A.

Use Cloud Ticket Orchestrator.

B.

Use Cloud Log Shipper.

C.

Stream directly to syslog.

D.

Use the REST API.

Question 14

Your organization's software deployment team did the initial install of the Netskope Client with SCCM. As the Netskope administrator, you will be responsible for all up-to-date upgrades of the client.

Which two actions would be required to accomplish this task9 (Choose two.)

Options:

A.

In the Client Configuration, set Upgrade Client Automatically to Latest Release.

B.

Set the installmode-IDP flag during the original Install.

C.

Set the autoupdate-on flag during the original Install.

D.

In the Client Configuration, set Upgrade Client Automatically to Specific Golden Release.

Question 15

You deployed Netskope Cloud Security Posture Management (CSPM) using pre-defined benchmark rules to monitor your cloud posture in AWS, Azure, and GCP. You are asked to assess if you can extend the Netskope CSPM solution by creating custom rules for each environment.

Which statement is correct?

Options:

A.

Custom rules using Domain Specific Language are only available when using SSPM.

B.

You will need to evaluate SaaS Security Posture Management (SSPM) in addition to CSPM so that rules applied to GCP will align with Google Workspace

C.

With Netskope CSPM, you can create custom rules using Domain Specific Language for AWS. Azure, but not for GCP.

D.

With Netskope CSPM, you can create custom rules using Domain Specific Language for AWS. Azure, and GCP

Question 16

You want to integrate with a third-party DLP engine that requires ICAP. In this scenario, which Netskope platform component must be configured?

Options:

A.

On-Premises Log Parser (OPLP)

B.

Secure Forwarder

C.

Netskope Cloud Exchange

D.

Netskope Adapter

Question 17

Review the exhibit.

A user has attempted to upload a file to Microsoft OneDrive that contains source code with Pll and PCI data.

Referring to the exhibit, which statement Is correct?

Options:

A.

The user will be blocked and a single Incident will be generated referencing the DLP-PCI profile.

B.

The user will be blocked and a single Incident will be generated referencing all of the matching DLP profiles

C.

The user will be blocked and a separate incident will be generated for each of the matching DLP profiles.

D.

The user will be alerted and a single incident will be generated referencing the DLP-PII profile.

Question 18

Your company purchased Netskope's Next Gen Secure Web Gateway You are working with your network administrator to create GRE tunnels to send traffic to Netskope Your network administrator has set up the tunnel, keepalives. and a policy-based route on your corporate router to send all HTTP and HTTPS traffic to Netskope. You want to validate that the tunnel is configured correctly and that traffic is flowing.

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

You can use your local router or network device to verify that keepalives are being received and traffic is flowing to Netskope.

B.

You must use your own monitoring tools to verify that the tunnel is up.

C.

You can verify that the tunnel is up and receiving traffic in the Netskope Ul under Settings > Security Cloud Platform > GRE.

D.

You can verify that the tunnel is up in the Netskope Trust portal at https://trust netskope.com/.

Page: 1 / 5
Total 60 questions