Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

NSK300 Netskope Certified Cloud Security Architect Exam Questions and Answers

Questions 4

Your Netskope Client tunnel has connected to Netskope; however, the user is not receiving any steering or client configuration updates What would cause this issue?

Options:

A.

The client is unable to establish communication to add-on-[tenantl.goskope.com.

B.

The client is unable to establish communication to gateway-(tenant|.goskope.com.

C.

The Netskope Client service is not running.

D.

An invalid steering exception was created in the tenant

Buy Now
Questions 5

You are already using Netskope CSPM to monitor your AWS accounts for compliance. Now you need to allow access from your company-managed devices running the Netskope Client to only Amazon S3 buckets owned by your organization. You must ensure that any current buckets and those created in the future will be allowed

Which configuration satisfies these requirements?

Options:

A.

Steering: Cloud Apps Only, All Traffic Policy type: Real-time Protection

Constraint: Storage. Bucket Does Not Match -ALLAccounts Action: Block

B.

Steering: Cloud Apps Only Policy type: Real-time Protection

Constraint: Storage. Bucket Does Not Match *@myorganization.com Action: Block

C.

Steering: Cloud Apps Only. All Traffic Policy type: Real-time Protection Constraint: Storage. Bucket Does Match -ALLAccounts Action: Allow

D.

Steering: All Web Traffic Policy type: API Data Protection

Constraint: Storage, Bucket Does Match *@myorganization.com Action: Allow

Buy Now
Questions 6

You have enabled CASB traffic steering using the Netskope Client, but have not yet enabled a Real-time Protection policy. What is the default behavior of the traffic in this scenario?

Options:

A.

Traffic will be blocked and logged.

B.

Traffic will be allowed and logged.

C.

Traffic will be blocked, but not logged.

D.

Traffic will be allowed, but not logged.

Buy Now
Questions 7

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for theReverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.

What is causing this issue?

Options:

A.

There is a missing group name in the SAML response.

B.

The username in the name ID field is not in the format of the e-mail address.

C.

There is an invalid certificate in the SAML response.

D.

The username in the name ID field does not have the "marketing-users" group name.

Buy Now
Questions 8

Review the exhibit.

NSK300 Question 8

A user has attempted to upload a file to Microsoft OneDrive that contains source code with Pll and PCI data.

Referring to the exhibit, which statement Is correct?

Options:

A.

The user will be blocked and a single Incident will be generated referencing the DLP-PCI profile.

B.

The user will be blocked and a single Incident will be generated referencing all of the matching DLP profiles

C.

The user will be blocked and a separate incident will be generated for each of the matching DLP profiles.

D.

The user will be alerted and a single incident will be generated referencing the DLP-PII profile.

Buy Now
Questions 9

You want to enable the Netskope Client to automatically determine whether it is on-premises or off-premises. Which two options in the Netskope Ul would you use to accomplish this task? (Choose two.)

Options:

A.

the All Traffic option in the Steering Configuration section of the Ul

B.

the New Exception option in the Traffic Steering options of the Ul

C.

the Enable Dynamic Steering option in the Steering Configuration section of the Ul

D.

the On Premises Detection option under the Client Configuration section of the Ul

Buy Now
Questions 10

You are asked to ensure that a Web application your company uses is both reachable and decrypted by Netskope. This application is served using HTTPS on port 6443. Netskope is configured with a default Cloud Firewall configuration and the steering configuration is set for All Traffic.

Which statement is correct in this scenario?

Options:

A.

Create a Firewall App in Netskope along with the corresponding Real-time Protection policy to allow the traffic.

B.

Nothing isrequired since Netskope is steering all traffic.

C.

Enable "Steernon-standard ports" in the steering configuration and add the domain and port as a new non-standard port

D.

Enable "Steer non-standard ports" in the steering configuration and create a corresponding Real-time Protection policy to allow the traffic

Buy Now
Questions 11

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate-pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.

Which two methods would satisfy the requirements? (Choose two.)

Options:

A.

Bypass traffic using the bypass action in the Real-time Protection policy.

B.

Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.

C.

Configure domain exceptions in the steering configuration for the domains used by the native application.

D.

Tunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

Buy Now
Questions 12

Your CISO asks that you to provide a report with a visual representation of the top 10 applications (by number of objects) and their risk score. As the administrator, you decide to use a Sankey visualization in Advanced Analytics to represent the data in an efficient manner.

In this scenario, which two field types are required to produce a Sankey Tile in your report? {Choose two.)

Options:

A.

Dimension

B.

Measure

C.

Pivot Ranks

D.

Period of Type

Buy Now
Questions 13

Your company purchased Netskope's Next Gen Secure Web Gateway You are working with your network administrator to create GRE tunnels to send traffic to Netskope Your network administrator has set up the tunnel, keepalives. and a policy-based route on your corporate router to send all HTTP and HTTPS traffic to Netskope. You want to validate that the tunnel is configured correctly and that traffic is flowing.

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

You can use your local router or network device to verify that keepalives are being received and traffic is flowing to Netskope.

B.

You must use your own monitoring tools to verify that the tunnel is up.

C.

You can verify that the tunnel is up and receiving traffic in the Netskope Ul under Settings > Security Cloud Platform > GRE.

D.

You can verify that the tunnel is up in the Netskope Trust portal at https://trust netskope.com/.

Buy Now
Questions 14

A hospital has a patient form that they share with their patients over Gmail. The blank form can be freely shared among anyone. However, if the form has any information filled out. the document is considered confidential.

Which rule type should be used in the DLP profile to match such a document?

Options:

A.

Use fingerprint classification.

B.

Use a dictionary rule for all your patient names.

C.

Use Exact Match with patient names

D.

Use predefined DLP Rule(s) that match the patient name.

Buy Now
Questions 15

Review the exhibit.

NSK300 Question 15

You are asked to integrate Netskope with Crowdstrike EDR. You added the Remediation profile shown in the exhibit.

Which action will this remediation profile take?

Options:

A.

The endpoint will be isolated.

B.

The malware hash will be added as an IOC in Crowdstrike.

C.

The malware will be quarantined.

D.

The malware hash will be added as an IOC in Netskope.

Buy Now
Questions 16

You are asked to create a customized restricted administrator role in your Netskope tenant for a newly hired employee. Which two statements are correct in this scenario? (Choose two.)

Options:

A.

An admin role prevents admins from downloading and viewing file content by default.

B.

The scope of the data shown in the Ul can be restricted to specific events.

C.

All role privileges default to Read Only for all functional areas.

D.

Obfuscation can be applied to all functional areas.

Buy Now
Questions 17

Your client is an NG-SWG customer. They are going to use the Explicit Proxy over Tunnel (EPoT) steering method. They have a specific list of domains that they do not want to steer to the Netskope Cloud.

What would accomplish this task''

Options:

A.

Define exception domains in the PAC file.

B.

Define exceptions in the Netskope steering configuration

C.

Create a real-time policy with a bypass action.

D.

Use an SSL decryption policy.

Buy Now
Questions 18

You are using Netskope CSPM for security and compliance audits across your multi-cloud environments. To decrease the load on the security operations team, you are researching how to auto-re mediate some of the security violations found in low-risk environments.

Which statement is correct in this scenario?

Options:

A.

Netskope does not support automatic remediation of security violation results due to the high risk associated with it.

B.

You can use Netskope API-enabled Protection for auto-remediation of security violation results.

C.

You can use Netskope Auto-remediation frameworks from the public Netskope GitHub Open Source repository for auto-re mediation of security violation results.

D.

You can use Netskope Cloud Exchange for auto-remediation of security violation results.

Buy Now
Exam Code: NSK300
Exam Name: Netskope Certified Cloud Security Architect Exam
Last Update: Dec 3, 2024
Questions: 60

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now NSK300 testing engine

PDF (Q&A)

$42  $104.99
buy now NSK300 pdf