NSK200 Exam Questions Tutorials

Placing high-risk block policies at the top ensures that critical blocks are enforced first, protecting against the most severe threats. Additionally, an "allow all" Web Access policy at the bottom is not necessary, as policy defaults can handle remaining traffic not explicitly addressed by other rules​​.

To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user’s role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local user account3. Therefore, options A and C are correct and the other options are incorrect. References: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal

To create a report to view the top five categories of unsanctioned applications accessed in the last 90 days, the security analyst would need to use two data collections in Advanced Analytics: Application Events and Network Events. Application Events provide information about the cloud applications and websites accessed by users, such as app name, app category, app risk score, app instance, app version, and more. Network Events provide information about the network traffic generated by users, such as source IP, destination IP, protocol, port, bytes sent, bytes received, and more. By combining these two data collections, the security analyst can filter the events by app category, app risk score, and time range to create a report that shows the top five categories of unsanctioned applications accessed in the last 90 days. Alerts and Page Events are not relevant for this report. Alerts provide information about the alerts triggered by Real-time Protection or API Data Protection policies, such as alert type, alert severity, alert status, alert description, and more. Page Events provide information about the web pages visited by users, such as page title, page URL, page category, page risk score, page content type, and more. References: Advanced Analytics

GRE tunnels are the optimal choice in this scenario. GRE is a commonly used, non-encrypted tunneling protocol that supports a variety of device operating systems, and it offers efficient bandwidth usage without encryption overhead, which aligns with the company’s requirements​​.