Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Netskope NSK300 - Netskope Certified Cloud Security Architect Exam

Page: 1 / 3
Total 81 questions

You are responsible for data security at a large hospital. You need to protect patient personal data including patient ID numbers, e-mail addresses, billing addresses, and credit card numbers that are stored in your database. You want to reduce false positives because you have limited resources for incident response. Which Netskope DLP capability would you use in this scenario?

A.

Use the predefined DLP AMRA profile.

B.

Use the predefined DLP HIPAA profile.

C.

Choose Medical Classifiers in a custom DLP profile.

D.

Create a custom Exact Match rule in a custom DLP profile.

Your company purchased Netskope ' s Next Gen Secure Web Gateway You are working with your network administrator to create GRE tunnels to send traffic to Netskope Your network administrator has set up the tunnel, keepalives. and a policy-based route on your corporate router to send all HTTP and HTTPS traffic to Netskope. You want to validate that the tunnel is configured correctly and that traffic is flowing.

In this scenario, which two statements are correct? (Choose two.)

A.

You can use your local router or network device to verify that keepalives are being received and traffic is flowing to Netskope.

B.

You must use your own monitoring tools to verify that the tunnel is up.

C.

You can verify that the tunnel is up and receiving traffic in the Netskope UI under Settings > Security Cloud Platform > GRE.

D.

You can verify that the tunnel is up in the Netskope Trust portal at https://trust netskope.com/.

You want to verify that Google Drive is being tunneled to Netskope by looking in the nsdebuglog file. You are using Chrome and the Netskope Client to steer traffic. In this scenario, what would you expect to see in the log file?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Users in your network are attempting to reach a website that has a self-signed certificate using a GRE tunnel to Netskope. They are currently being blocked by Netskope with an SSL error. How would you allow this traffic?

A.

Configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

B.

Configure a Real-time Protection policy with the action set to Allow.

C.

Set the No SNI setting in Netskope to Bypass.

D.

Ensure that the users add the self-signed certificate to their local certificate store.

You just deployed and registered an NPA publisher for your first private application and need to provide access to this application for the Human Resources (HR) users group only. How would you accomplish this task?

A.

1. Enable private app steering in the Steering Configuration assigned to the HR group.2. Create a new Private App.3. Create a new Real-time Protection policy as follows;Source = HR user group Destination = Private App Action = Allow

B.

1. Create a new private app and assign it to the HR user group.2. Create a new Real-time Protection policy as follows:Source = HR user group Destination = Private App Action = Allow.

C.

1. Enable private app steering in Tenant Steering Configuration.2. Create a new private app and assign it to the HR user group.

D.

1. Enable private app steering in the Steering Configuration assigned to the HR group.2. Create a new private app and assign it to the HR user group3. Create a new Real-time Protection policy as follows:Source = HR user group Destination = Private App Action = Allow

You do not want a scheduled Advanced Analytics dashboard to be automatically updated when Netskope makes improvements to that dashboard. In this scenario, what would you do to retain the original dashboard?

A.

Create a new dashboard from scratch that mimics the Netskope dashboard you want to use.

B.

Copy the dashboard into your Group or Personal folders and schedule from these folders.

C.

Ask Netskope Support to provide the dashboard and import into your Personal folder.

D.

Download the dashboard you want and Import from File into your Group or Personal folder.

You are implementing a solution to deploy Netskope for machine traffic in an AWS account across multiple VPCs. You want to deploy the least amount of tunnels while providing connectivity for all VPCs.

How would you accomplish this task?

A.

Use IPsec tunnels from the AWS Virtual Private Gateway.

B.

Use GRE tunnels from the AWS Transit Gateway.

C.

Use GRE tunnels from the AWS Virtual Private Gateway

D.

Use IPsec tunnels from the AWS Transit Gateway.

Your organization recently purchased Netskope API SharePoint for Business to get a better understanding of how much intellectual property is being stored in the platform. Your CISO wants to ensure that the current investment will be fully maximized and asks you to provide other use cases that the API can solve. In this scenario, what are two other benefits of this API? (Choose two.)

A.

Prevent downloads of your sensitive content to personal machines.

B.

Prevent users from adding any new files to a SharePoint site.

C.

Audit all activities associated with your sensitive content.

D.

Discover malware files.

Your customer is currently using Directory Importer with Active Directory (AD) to provision users to Nelskope. They have recently acquired three new companies (A. B. and C) and want to onboard users from the companies onto the Netskope platform. Information about the companies is shown below.

- Company A uses Active Directory.

-- Company B uses Azure AD.

-- Company C uses Okta Universal Directory.

Which statement is correct in this scenario?

A.

Users from Company B and Company C cannot be provisioned because the customer is already using AD Importer.

B.

Either Company B or Company C users cannot be provisioned because integration with only one SCIM solution is allowed.

C.

Users from Companies A. B, and C can be provisioned to Netskope by deploying additional AD Importers and integrating more than one SCIM solution.

D.

Company A users cannot be provisioned to Netskope because the customer is already using AD Importer to import users from another Active Directory environment.

You are currently designing a policy for AWS S3 bucket scans with a custom DLP profile Which policy action(s) are available for this policy?

A.

Alert, Quarantine. Block, User Notification

B.

Alert, User Notification

C.

Alert only

D.

Alert, Quarantine