Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Netskope NSK200 Netskope Certified Cloud Security Integrator (NCCSI) Exam Practice Test

Page: 1 / 10
Total 96 questions

Netskope Certified Cloud Security Integrator (NCCSI) Questions and Answers

Question 1

Your customer is concerned about malware in their AWS S3 buckets. What two actions would help with this scenario? (Choose two.)

Options:

A.

Create a real-time policy to block malware uploads to their AWS instances.

B.

Enable Threat Protection (Malware Scan) for all of their AWS instances to Identify malware.

C.

Create an API protection policy to quarantine malware in their AWS S3 buckets.

D.

Create a threat profile to quarantine malware in their AWS S3 buckets.

Question 2

Your learn is asked to Investigate which of the Netskope DLP policies are creating the most incidents. In this scenario, which two statements are true? (Choose two.)

Options:

A.

The Skope IT Applications tab will list the top five DLP policies.

B.

You can see the top Ave DLP policies triggered using the Analyze feature

C.

You can create a report using Reporting or Advanced Analytics.

D.

The Skope IT Alerts tab will list the top five DLP policies.

Question 3

Your customer implements Netskope Secure Web Gateway to secure all Web traffic. While they have created policies to block certain categories, there are many new sites available dally that are not yet categorized. The customer ' s users need quick access and cannot wait to put in a request to gain access requiring a policy change or have the site ' s category changed.

To solve this problem, which Netskope feature would provide quick, safe access to these types of sites?

Options:

A.

Netskope Cloud Firewall (CFW)

B.

Netskope Remote Browser Isolation (RBI)

C.

Netskope Continuous Security Assessment (CSA)

D.

Netskope SaaS Security Posture Management (SSPM)

Question 4

You want to prevent a document stored in Google Drive from being shared externally with a public link. What would you configure in Netskope to satisfy this requirement?

Options:

A.

Threat Protection policy

B.

API Data Protection policy

C.

Real-time Protection policy

D.

Quarantine

Question 5

Netskope is being used as a secure Web gateway. Your organization ' s URL list changes frequently. In this scenario, what makes It possible for a mass update of the URL list in the Netskope platform?

Options:

A.

REST API v2

B.

Assertion Consumer Service URL

C.

Cloud Threat Exchange

D.

SCIM provisioning

Question 6

Your company needs to keep quarantined files that have been triggered by a DLP policy. In this scenario, which statement Is true?

Options:

A.

The files are stofed remotely In your data center assigned In the Quarantine profile.

B.

The files are stored In the Netskope data center assigned in the Quarantine profile.

C.

The files are stored In the Cloud provider assigned In the Quarantine profile.

D.

The files are stored on the administrator console PC assigned In the Quarantine profile.

Question 7

You want to allow both the user identities and groups to be imported in the Netskope platform. Which two methods would satisfy this requirement? (Choose two.)

Options:

A.

Use System for Cross-domain Identity Management (SCIM).

B.

Use Manual Entries.

C.

Use Directory Importer.

D.

Use Bulk Upload with a CSV file.

Question 8

You are comparing the behavior of Netskope ' s Real-time Protection policies to API Data Protection policies. In this Instance, which statement is correct?

Options:

A.

All real-time policies are enforced, regardless of sequential order, while API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

B.

Both real-time and API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

C.

All API policies are enforced, regardless of sequential order, while real-time policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

D.

Both real-time and API policies are all enforced, regardless of sequential order.

Question 9

Your customer has some managed Windows-based endpoints where they cannot add any clients or agents. For their users to have secure access to their SaaS application, you suggest that the customer use Netskope ' s Explicit Proxy.

Which two configurations are supported for this use case? (Choose two.)

Options:

A.

Endpoints can be configured to directly use the Netskope proxy.

B.

Endpoints must have separate steering configurations in the tenant settings.

C.

Endpoints must be configured in the device section of the tenant to interoperate with all proxies.

D.

Endpoints can be configured to use a Proxy Auto Configuration (PAC) file.

Question 10

Review the exhibit.

Question # 10

Your Real-time Protection policy contains some rules with only a browse activity. The exhibit shows a new policy rule.

Where is the correct location to place this rule?

Options:

A.

at the bottom

B.

before browse activity

C.

after browse activity

D.

at the top

Question 11

You are troubleshooting an issue with Microsoft where some users complain about an issue accessing OneDrive and SharePoint Online. The configuration has the Netskope client deployed and active for most users, but some Linux machines are routed to Netskope using GRE tunnels. You need to disable inspection for all users to begin troubleshooting the issue.

In this scenario, how would you accomplish this task?

Options:

A.

Create a Real-time Protection policy to isolate Microsoft 365.

B.

Create a Do Not Decrypt SSL policy for the Microsoft 365 App Suite.

C.

Create a steering exception for the Microsoft 365 domains.

D.

Create a Do Not Decrypt SSL policy for OneDrive.

Question 12

Your company asks you to use Netskope to integrate with Endpoint Detection and Response (EDR) vendors such as Crowdstrike.

Which two requirements are needed for a successful integration and sharing of threat data? (Choose two.)

Options:

A.

Remediation profile

B.

Device classification

C.

API Client ID

D.

Custom log parser

Question 13

Which statement describes how Netskope ' s REST API, v1 and v2, handles authentication?

Options:

A.

Both REST API v1 and v2 require the use of tokens to make calls to the API

B.

Neither REST API v1 nor v2 require the use of tokens.

C.

REST API v2 requires the use of a token to make calls to the API. while API vl does not.

D.

REST API v1 requires the use of a token to make calls to the API. while API v2 does not.

Question 14

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.

Options:

A.

explicit proxy

B.

IPsec

C.

proxy chaining

D.

GRE

Question 15

Your IT organization is migrating its user directory services from Microsoft Active Directory to a cloud-based Identity Provider (IdP) solution, Azure AD. You are asked to adapt the Netskope user provisioning process to work with this new cloud-based IdP.

Options:

A.

Directory Importer

B.

Microsoft GPO

C.

SCIMApp

D.

Manual Import

Question 16

You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.

Which two statements are true in this scenario? (Choose two.)

Options:

A.

You must place Netskope private access malware policies in the middle.

B.

You do not need to create an " allow all " Web Access policy at the bottom.

C.

You must place DLP policies at the bottom.

D.

You must place high-risk block policies at the top.

Question 17

Which object would be selected when creating a Malware Detection profile?

Options:

A.

DLP profile

B.

File profile

C.

Domain profile

D.

User profile

Question 18

You are provisioning Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant. In this scenario, which two Netskope components should you verify first In Okta for accuracy? (Choose two.)

Options:

A.

IdP Entity ID

B.

OAuth token

C.

Netskope SAML certificate

D.

SCIM server URL

Question 19

Review the exhibit.

Question # 19

You are troubleshooting a Netskope client for user Clarke which remains in a disabled state after being installed. After looking at various logs, you notice something which might explain the problem. The exhibit is an excerpt from the nsADImporterLog.log.

Referring to the exhibit, what is the problem?

Options:

A.

The client was not Installed with administrative privileges.

B.

The Active Directory user is not synchronized to the Netskope tenant.

C.

This is normal; it might take up to an hour to be enabled.

D.

The client traffic is decrypted by a network security device.

Question 20

Review the exhibit.

Question # 20

Referring to the exhibit, which three statements are correct? (Choose three.)

Options:

A.

The request was processed successfully.

B.

A request was submitted to extract application event details.

C.

An invalid token was used.

D.

The request was limited to the first 5000 records.

E.

The request was confined to only the " Professional Networking and Social " category.

Question 21

Review the exhibit.

Question # 21

You are asked to restrict users from accessing YouTube content tagged as Sport. You created the required real-time policy; however, users can still access the content

Referring to the exhibit, what is the problem?

Options:

A.

The website is in a steering policy exception.

B.

The policy changes have not been applied.

C.

The YouTube content cannot be controlled.

D.

The traffic matched a Do Not Decrypt policy

Question 22

You created the Netskope application in your IdP for user provisioning and validated that the API Integration settings are correct and functional. However, you are not able to push the user groups from the IdP into your Netskope tenant.

Options:

A.

The IdP group contains active users, as well as one or more deactivated users.

B.

The IdP does not have Create User permissions.

C.

You do not have enough users assigned to the IdP group.

D.

You failed to push the IdP users before attempting to push the IdP groups.

Question 23

Which statement describes a requirement for deploying a Netskope Private Application (NPA) Publisher?

Options:

A.

The publisher must be deployed in a public cloud environment, such as AWS.

B.

The publisher must be deployed in a private data center.

C.

The publisher must be deployed on the network where the private application will be accessed.

D.

The publisher ' s name must match the name of the application process that it will access.

Question 24

Review the exhibit.

Question # 24

You want to create a custom URL category to apply a secure Web gateway policy combining your own list of URLs and Netskope predefined categories.

In this scenario, which task must be completed?

Options:

A.

Add the URL list to the Client configuration.

B.

Add the URL list to a Custom category.

C.

Add the URL list to a Steering configuration.

D.

Add the URL list to a Real-time Protection policy.

Question 25

You are currently migrating users away from a legacy proxy to the Netskope client in the company’s corporate offices. You have deployed the client to a pilot group; however, when the client attempts to connect to Netskope, it fails to establish a tunnel.

In this scenario, what would cause this problem?

Options:

A.

The legacy proxy is intercepting SSL/TLS traffic to Netskope.

B.

The corporate firewall is blocking UDP port 443 to Netskope.

C.

The corporate firewall is blocking the Netskope EPoT address.

D.

The client cannot reach dns.google for EDNS resolution.

Question 26

You are deploying a Netskope client in your corporate office network. You are aware of firewall or proxy rules that need to be modified to allow traffic.

Which two statements are true in this scenario? (Choose two.)

Options:

A.

You need to allow TLS 1.1 traffic to pass through the firewalls from the users ' IP to all destinations.

B.

You must enable SSL decryption in the proxy to inspect the Netskope tunnel.

C.

It is recommended to allow UDP port 443 to the Netskope IP ranges to allow DTLS.

D.

You need to allow TCP port 443 to the Netskope IP ranges or domains.

Question 27

Your organization has a homegrown cloud application. You are required to monitor the activities that users perform on this cloud application such as logins, views, and downloaded files. Unfortunately, it seems Netskope is unable to detect these activities by default.

How would you accomplish this goal?

Options:

A.

Enable access to the application with Netskope Private Access.

B.

Ensure that the cloud application is added as a steering exception.

C.

Ensure that the application is added to the SSL decryption policy.

D.

Create a new cloud application definition using the Chrome extension.

Question 28

You are using Skope IT to analyze and correlate a security incident. You are seeing too many events generated by API policies. You want to filter for logs generated by the Netskope client only.

Options:

A.

Use the access_method filter and select Client from the dropdown menu.

B.

Use the access_method filter and select Tunnel from the dropdown menu.

C.

Use the access_method filter and select Logs from the dropdown menu.

D.

Use query mode and use access_method neq Client.

Page: 1 / 10
Total 96 questions