Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Netskope NSK300 - Netskope Certified Cloud Security Architect Exam

Page: 2 / 3
Total 81 questions

Review the exhibit.

SelfSignedCert (self signed certificate in certificate chain) Blocked by SSL_SELF_SIGNED. The destination is not reachable. Contact your IT administrator with the following error.

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company’s internal certificate authority for SSL certificates. Which three statements describe ways to solve this issue? (Choose three.)

A.

Create a Real-time Protection policy to allow access.

B.

Instruct the user to proceed past the error message.

C.

Bypass SSL inspection for the affected site(s).

D.

Change the SSL Error Settings from Block to Bypass in the Netskope UI.

E.

Import the root certificate for your internal certificate authority into Netskope.

You have users connecting to Netskope from around the world You need a way for your NOC to quickly view the status of the tunnels and easily visualize where the tunnels are located. Which Netskope monitoring tool would you use in this scenario?

A.

Network Steering in Digital Experience Management

B.

Network Events in Skope IT

C.

Web Usage Summary in Advanced Analytics

D.

Alerts in Skope IT

You are the network architect for a company using Netskope Private Access. Multiple users are reporting that they are unable to access an application using Netskope Private Access that was working previously. You have verified that the Real-time Protection policy allows access to the application, private applications are steered for the users, and the application is reachable from internal machines. You must verify that the application is reachable through Netskope Publisher

In this scenario, which two tools in the Netskope UI would you use to accomplish this task? (Choose two.)

A.

Reachability Via Publisher in the App Definitions page

B.

Troubleshooter tool in the App Definitions page

C.

Applications in Skope IT

D.

Clear Private App Auth under Users in Skope IT

You are building an architecture plan to roll out Netskope for on-premises devices. You determine that tunnels are the best way to achieve this task due to a lack of support for explicit proxy in some instances and IPsec is the right type of tunnel to achieve the desired security and steering.

What are three valid elements that you must consider when using IPsec tunnels in this scenario? (Choose three.)

A.

cipher support on tunnel-initiating devices

B.

bandwidth considerations

C.

the categories to be blocked

D.

the impact of threat scanning performance

E.

Netskope Client behavior when on-premises

You are attempting to merge two Advanced Analytics reports with DLP incidents: Report A with 3000 rows and Report B with 6000 rows. Once merged, you notice that the merged report is missing a significant number of rows.

What is causing this behavior?

A.

Netskope automatically deduplicates data in merged reports.

B.

Missing data is due to viewing limits.

C.

Filters are applied differently to dimensions and measures

D.

Visualizations have a system limit of 5000 rows.

You want to enable the Netskope Client to automatically determine whether it is on-premises or off-premises. Which two options in the Netskope UI would you use to accomplish this task? (Choose two.)

A.

the All Traffic option in the Steering Configuration section of the Ul

B.

the New Exception option in the Traffic Steering options of the Ul

C.

the Enable Dynamic Steering option in the Steering Configuration section of the Ul

D.

the On Premises Detection option under the Client Configuration section of the Ul

Your client is an NG-SWG customer. They are going to use the Explicit Proxy over Tunnel (EPoT) steering method. They have a specific list of domains that they do not want to steer to the Netskope Cloud.

What would accomplish this task?

A.

Define exception domains in the PAC file.

B.

Define exceptions in the Netskope steering configuration

C.

Create a real-time policy with a bypass action.

D.

Use an SSL decryption policy.

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate-pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.

Which two methods would satisfy the requirements? (Choose two.)

A.

Bypass traffic using the bypass action in the Real-time Protection policy.

B.

Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.

C.

Configure domain exceptions in the steering configuration for the domains used by the native application.

D.

Tunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

You configured a pair of IPsec funnels from the enterprise edge firewall to a Netskope data plane. These tunnels have been implemented to steer traffic for a set of defined HTTPS SaaS applications accessed from end-user devices that do not support the Netskope Client installation. You discover that all applications steered through this tunnel are non-functional.

According to Netskope. how would you solve this problem?

A.

Restart the tunnel to stop the tunnel from flapping.

B.

Downgrade from IKE v2 to IKE v1.

C.

Install the Netskope root and intermediate certificates on the end-user devices.

D.

Disable Perfect Forward Secrecy on the tunnel configuration.

You receive a report from your endpoint team that a device may no longer be running the Netskope Client. You only know the hostname of the machine in question. You want to remotely verify whether the client is still installed and steering traffic and which user is assigned to the device. In this scenario, how would you accomplish this task?

A.

Enable IP restrictions for a sanctioned application and see if any users report an access problem.

B.

Under Skope IT Users, look at the Users Over Time graph for any anomalies.

C.

Under the Netskope Client Devices page, search for the hostname in question and identify the current Client Status and User information.

D.

Under Skope IT Applications Events, query by hostname and determine the last event date and time.