Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Netskope > NCCSI > NSK200

NSK200 Netskope Certified Cloud Security Integrator (NCCSI) Question and Answers

Question # 4

Your company needs to keep quarantined files that have been triggered by a DLP policy. In this scenario, which statement Is true?

A.

The files are stofed remotely In your data center assigned In the Quarantine profile.

B.

The files are stored In the Netskope data center assigned in the Quarantine profile.

C.

The files are stored In the Cloud provider assigned In the Quarantine profile.

D.

The files are stored on the administrator console PC assigned In the Quarantine profile.

Full Access
Question # 5

You want to secure Microsoft Exchange and Gmail SMTP traffic for DLP using Netskope. Which statement is true about this scenario when using the Netskope client?

A.

Netskope can inspect outbound SMTP traffic for Microsoft Exchange and Gmail.

B.

Enable Cloud Firewall to Inspect Inbound SMTP traffic for Microsoft Exchange and Gmail.

C.

Netskope can inspect inbound and outbound SMTP traffic for Microsoft Exchange and Gmail.

D.

Enable REST API v2 to Inspect inbound SMTP traffic for Microsoft Exchange and Gmail.

Full Access
Question # 6

Review the exhibit.

You are at the Malware Incident page. A virus was detected by the Netskope Heuristics Engine. Your security team has confirmed that the virus was a test data file You want to allow the security team to use this file

Referring to the exhibit, which two statements are correct? (Choose two.)

A.

Click the " Add To File Filter button to add the IOC to a file list.

B.

Contact the CrowdStrike administrator to have the file marked as safe.

C.

Click the ' ' Lookup VirusTotal " button to verify if this IOC is a false positive.

D.

Create a malware detection profile and update the file hash list with the IOC.

Full Access
Question # 7

You are given an MD5 hash of a file suspected to be malware by your security incident response team. They ask you to offer insight into who has encountered this file and from where was the threat initiated. In which two Skope IT events tables would you search to find the answers to these questions? (Choose two.)

A.

Application Events

B.

Network Events

C.

Alerts

D.

Page Events

Full Access
Question # 8

Review the exhibit.

You want to create a custom URL category to apply a secure Web gateway policy combining your own list of URLs and Netskope predefined categories.

In this scenario, which task must be completed?

A.

Add the URL list to the Client configuration.

B.

Add the URL list to a Custom category.

C.

Add the URL list to a Steering configuration.

D.

Add the URL list to a Real-time Protection policy.

Full Access
Question # 9

You are troubleshooting an issue with Microsoft where some users complain about an issue accessing OneDrive and SharePoint Online. The configuration has the Netskope client deployed and active for most users, but some Linux machines are routed to Netskope using GRE tunnels. You need to disable inspection for all users to begin troubleshooting the issue.

In this scenario, how would you accomplish this task?

A.

Create a Real-time Protection policy to isolate Microsoft 365.

B.

Create a Do Not Decrypt SSL policy for the Microsoft 365 App Suite.

C.

Create a steering exception for the Microsoft 365 domains.

D.

Create a Do Not Decrypt SSL policy for OneDrive.

Full Access
Question # 10

While most Web and SaaS traffic is decrypted for inspection, you are asked to prevent a certain host on the network from SSL decryption for privacy purposes.

A.

Create a steering exception for the host.

B.

Create a Real-time Protection policy, select the host, and choose to block SSL decryption.

C.

Create a Source Network Location for a Do Not Decrypt SSL policy.

D.

Add the host to the certificate-pinned application list.

Full Access
Question # 11

You are testing policies using the DLP predefined identifier " Card Numbers (Major Networks; all). " No DLP policy hits are observed.

A.

You must use Netskope API protection.

B.

Your data must have valid credit card numbers.

C.

You must normalize credit card numbers to 16-digit consecutive numbers.

D.

You must use the Netskope client to perform advanced DLP and optical character recognition.

Full Access
Question # 12

Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.

In this scenario, which two deployment options would you use? (Choose two.)

A.

Deploy the Netskope client with SCCM.

B.

Deploy the Netskope client with Microsoft GPO.

C.

Deploy the Netskope client using IdP.

D.

Deploy the Netskope client using an email Invitation.

Full Access
Question # 13

You want to prevent a document stored in Google Drive from being shared externally with a public link.

A.

Quarantine

B.

Threat Protection policy

C.

API Data Protection policy

D.

Real-time Protection policy

Full Access
Question # 14

You want to allow both the user identities and groups to be imported in the Netskope platform. Which two methods would satisfy this requirement? (Choose two.)

A.

Use System for Cross-domain Identity Management (SCIM).

B.

Use Manual Entries.

C.

Use Directory Importer.

D.

Use Bulk Upload with a CSV file.

Full Access
Question # 15

Review the exhibit.

You receive a service request from a user who indicates that their Netskope client is in a disabled state. The exhibit shows an excerpt (rom the affected client nsdebuglog.log.

What is the problem in this scenario?

A.

User authentication failed during IdP-based enrollment.

B.

The Netskope client connection is being decrypted.

C.

Custom installation parameters are incorrectly specified

D.

The user ' s account has not been provisioned into Netskope.

Full Access
Question # 16

You are preparing to deploy Netskope at your company. Users will be 100% remote but are required to deploy the Netskope client to access any company resources. Management wants to ensure that the Netskope client cannot be installed by users outside of the company. In this scenario, how do you ensure that the correct users get connected to Netskope?

A.

Enroll users using the corporate IdP.

B.

Enroll users using corporate OAuth.

C.

Enroll users using an email invitation.

D.

Enroll users using Netskope UEBA.

Full Access
Question # 17

Examine the image provided.

You are asked to provide the results of a cloud risk assessment to your executive team. The results must be presented visually, as well as have the ability to drill down and pivot on the data. Referring to the image, what will satisfy the requirements in this scenario?

A.

Netskope Advanced Analytics

B.

Netskope Reports

C.

Skope IT Application Events

D.

Discovered Apps in the Cloud Confidence Index (CCI)

Full Access
Question # 18

Review the exhibit.

Given the information shown below:

-for PCI data uploads, you want to provide no notification,

-for PHI data uploads, you want to allow users to proceed by clicking OK,

-for GDPR data uploads, you want to provide block notification,

-if none of the above matches, you want to provide no notification.

You want to reduce the number of policies by combining multiple DLP profiles Into one policy.

Referring to the exhibit, which two statements are true? (Choose two.)

A.

You must open a support ticket to enable the Advanced Policies feature.

B.

You must check the " set action for each profile " flag.

C.

You can have only one action if you use multiple DLP profiles in the same policy.

D.

You can apply a unique action to each profile In the same policy.

Full Access
Question # 19

You are creating an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2. In this scenario, which privilege(s) do you need to create in the API token?

A.

Provide read and write access for the " /events " endpoint.

B.

Provide read and write access for the " /urllist " endpoint.

C.

Provide only read access for the " /urllist " endpoint.

D.

Provide only write access for the " /urllist " endpoint.

Full Access
Question # 20

An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.

Which feature would you use to satisfy this requirement?

A.

exact data match (EDM)

B.

document fingerprinting

C.

ML image classifier

D.

optical character recognition (OCR)

Full Access
Question # 21

Netskope is being used as a secure Web gateway. Your organization ' s URL list changes frequently. In this scenario, what makes It possible for a mass update of the URL list in the Netskope platform?

A.

REST API v2

B.

Assertion Consumer Service URL

C.

Cloud Threat Exchange

D.

SCIM provisioning

Full Access
Question # 22

Which statement describes a requirement for deploying a Netskope Private Application (NPA) Publisher?

A.

The publisher must be deployed in a public cloud environment, such as AWS.

B.

The publisher must be deployed in a private data center.

C.

The publisher must be deployed on the network where the private application will be accessed.

D.

The publisher ' s name must match the name of the application process that it will access.

Full Access
Question # 23

You discover the ongoing use of the native Dropbox client in your organization. Although Dropbox is not a corporate-approved application, you do not want to prevent the use of Dropbox. You do, however, want to ensure visibility into its usage.

A.

Change Windows and Mac steering exception actions to use Tunnel mode and set Netskope as the source IP address for SSO services.

B.

Modify the existing tenant steering exception configuration to block the Dropbox native application to force users to use the Dropbox website.

C.

Remove all Dropbox entries from the tenant steering SSL configuration entirely.

D.

Create a new tenant steering exception type of Destination Locations that contains the Dropbox application.

Full Access
Question # 24

Review the exhibit.

Referring to the exhibit, which three statements are correct? (Choose three.)

A.

The request was processed successfully.

B.

A request was submitted to extract application event details.

C.

An invalid token was used.

D.

The request was limited to the first 5000 records.

E.

The request was confined to only the " Professional Networking and Social " category.

Full Access
Question # 25

Your company wants to know if there has been any unusual user activity. In the UI, you go to Skope IT - > Alerts.

Which two types of alerts would you filter to find this information? (Choose two.)

A.

Alert type = uba

B.

Alert type = anomaly

C.

Alert type = malware

D.

Alert type = policy

Full Access
Question # 26

Your customer has some managed Windows-based endpoints where they cannot add any clients or agents. For their users to have secure access to their SaaS application, you suggest that the customer use Netskope ' s Explicit Proxy.

Which two configurations are supported for this use case? (Choose two.)

A.

Endpoints can be configured to directly use the Netskope proxy.

B.

Endpoints must have separate steering configurations in the tenant settings.

C.

Endpoints must be configured in the device section of the tenant to interoperate with all proxies.

D.

Endpoints can be configured to use a Proxy Auto Configuration (PAC) file.

Full Access
Question # 27

Your customer currently only allows users to access the corporate instance of OneDrive using SSO with the Netskope client. The users are not permitted to take their laptops when vacationing, but sometimes they must have access to documents on OneDrive when there is an urgent request. The customer wants to allow employees to remotely access OneDrive from unmanaged devices while enforcing DLP controls to prohibit downloading sensitive files to unmanaged devices.

Which steering method would satisfy the requirements for this scenario?

A.

Use a reverse proxy integrated with their SSO.

B.

Use proxy chaining with their cloud service providers integrated with their SSO.

C.

Use a forward proxy integrated with their SSO.

D.

Use a secure forwarder integrated with an on-premises proxy.

Full Access
Question # 28

Deploying the Netskope Client using IdP requires which two prerequisites? (Choose two.)

A.

The user must be authenticated using IdP.

B.

The Home POP Domain must be preconfigured using the client CLI parameters.

C.

The tenant name will be automatically determined during IdP authentication.

D.

The IdP mode parameter must be specified when installing the client.

Full Access