Netskope NSK200 - Netskope Certified Cloud Security Integrator (NCCSI)

Creating a steering exception for the host is the appropriate action to prevent SSL decryption on specific network traffic. Steering exceptions allow you to bypass decryption for designated hosts, which is useful for privacy-sensitive scenarios​​.

If there are no references to the private application in the npadebuglog.log, it is likely that the user is not added to the required real-time policy. Without proper policy assignment, the user’s traffic will not be routed correctly through the private access setup, causing access issues​.

To continuously detect and enforce compliance standards for their Microsoft 365 and Azure applications, the customer needs to use Netskope SaaS Security Posture Management (SSPM) and Netskope Continuous Security Assessment (CSA). Netskope SSPM allows the customer to monitor, assess, and act on security, permission, and access related issues in their SaaS environment, such as Microsoft 365. Netskope SSPM continuously checks security posture by comparing SaaS app settings with security policies and industry benchmarks (CIS, PCI-DSS, NIST, HIPAA, CSA, GDPR, AIPCA, ISO, and more). It also provides visibility and control over third-party apps that are connected to the managed apps1. Netskope CSA allows the customer to discover, audit, and remediate misconfigurations in their IaaS environment, such as Azure. Netskope CSA continuously monitors and audits cloud configurations against industry standards, CIS benchmarks, and regulatory frameworks. It also provides real-time inline protection to secure public clouds from threats and data loss2. Therefore, options A and D are correct and the other options are incorrect. References: SaaS Security Posture Management - Netskope, Public Cloud Security Solutions - Netskope

To prevent PCI data from leaving the corporate sanctioned OneDrive instance, the customer can use API Data Protection and Real-time Protection. API Data Protection is a feature that allows you to discover, classify, and protect data that is already resident in your cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, content, activity, or DLP profiles. Then, you can choose an action to prevent the PCI data from being shared or exfiltrated, such as remove external collaborators, remove public links, or quarantine3. Real-time Protection is a feature that allows you to inspect and control data in transit between your users and cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, devices, locations, categories, or DLP profiles. Then, you can choose an action to prevent the PCI data from being uploaded or downloaded, such as block, alert, encrypt, or watermark4. Therefore, options A and D are correct and the other options are incorrect. References: API Data Protection - Netskope Knowledge Portal, Real-time Protection - Netskope Knowledge Portal

To deploy Netskope using proxy chaining with Symantec BlueCoat proxy on-premises, you need to enable two prerequisites first: Enable SSL decryption on your Symantec BlueCoat proxy. This is required for proxy chaining because Netskope needs to inspect the SSL traffic that is sent from your proxy to the Netskope cloud. To enable SSL decryption, you need to configure your Symantec BlueCoat proxy to trust the Netskope certificate for SSL interception. You can download the certificate from Settings > Manage > Certificates > Signing CA in the Netskope UI. Enable the X-Forwarded-For HTTP header on your Symantec BlueCoat proxy. This is required for proxy chaining because Netskope needs to identify the original source IP address of the user behind your proxy. The X-Forwarded-For header is used to pass this information from your proxy to Netskope. To enable this header, you need to configure your Symantec BlueCoat proxy to send X-Forwarded-For HTTP header for all HTTP requests. The other options are not valid prerequisites for this scenario. You do not need to disable SSL decryption on your Symantec BlueCoat proxy, as this would prevent Netskope from inspecting the SSL traffic. You do not need to disable the X-Authenticated-User header on your Symantec BlueCoat proxy, as this is an optional header that can be used to pass additional user information from your proxy to Netskope. References: Proxy Chaining3, Configure Forcepoint for Proxy Chaining

To apply different actions for each DLP profile in the same policy, you need to enable the "set action for each profile" flag. This allows you to configure unique actions (e.g., block, allow) for each DLP profile within a single combined policy, thus reducing the total number of policies needed​​.

The purpose of the file hash list in Netskope is to configure blocklist and allowlist entries referenced in the custom Malware Detection profiles. A file hash list is a collection of MD5 or SHA-256 hashes that represent files that you want to allow or block in your organization. You can create a file hash list when adding a file profile and use it as an allowlist or blocklist for files in your organization1. You can then select the file hash list when creating a Malware Detection profile2.