NSK200ブレーン問題集リアル試験最新問題2024年02月24日には62問題 [Q21-Q39]

Share

NSK200ブレーン問題集リアル試験最新問題2024年02月24日には62問題

最新NSK200のPDF問題集リアル無料テスト本日更新です

質問 # 21
A city uses many types of forms, including permit applications. These forms contain personal and financial information of citizens. Remote employees download these forms and work directly with the citizens to complete them. The city wants to be able to identify and monitor the specific forms and block the employees from downloading completed forms.
Which feature would you use to accomplish this task?

  • A. regular expressions (regex)
  • B. optical character recognition (OCR)
  • C. document fingerprinting
  • D. exact data match (EDM)

正解:C

解説:
Explanation
To identify and monitor the specific forms used by the city and block the employees from downloading completed forms, you need to use document fingerprinting. Document fingerprinting is a feature that allows you to create a unique signature for a document based on its content and structure. You can then use this signature to match other documents that are similar or identical to the original document3. You can create a document fingerprinting profile in Netskope by uploading a sample document or selecting one from your cloud services4. You can then use this profile in your data protection policies to apply actions such as block, alert, or quarantine to the documents that match the fingerprint5. Therefore, option C is correct and the other options are incorrect. References: Document Fingerprinting - Netskope Knowledge Portal, Create a Document Fingerprinting Profile - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal


質問 # 22
Review the exhibit.

While diagnosing an NPA connectivity issue, you notice an error message in the Netskope client logs.
Referring to the exhibit, what does this error represent?

  • A. There Is an EDNS or LDNS resolution error.
  • B. The Netskope client has been load-balanced to a different data center.
  • C. The primary publisher is unavailable or cannot be reached.
  • D. There Is an upstream device trying to intercept the NPA TLS connection.

正解:D

解説:
Explanation
The error message in the exhibit represents that there is an upstream device trying to intercept the NPA TLS connection. The error message is "ERROR SSL certificate verification failed: self signed certificate in certificate chain". This means that the Netskope client is receiving a certificate that is not issued by Netskope, but by a device that is intercepting and decrypting the traffic between the client and the Netskope cloud. This can cause the client to fail to establish a secure connection to the NPA service and access the private applications4. To solve this problem, you need to either bypass or trust the upstream device that is performing SSL decryption, such as a firewall or proxy5. Therefore, option D is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Netskope Client Troubleshooting Guide - The Netskope Community


質問 # 23
You have deployed a development Web server on a public hosting service using self-signed SSL certificates.
After some troubleshooting, you determined that when the Netskope client is enabled, you are unable to access the Web server over SSL. The default Netskope tenant steering configuration is in place.
In this scenario, which two settings are causing this behavior? (Choose two.)

  • A. Incomplete certificate trust chains are blocked.
  • B. Untrusted root certificates are blocked.
  • C. Self-signed server certificates are blocked.
  • D. SSL pinned certificates are blocked.

正解:B、C

解説:
Explanation
The default Netskope tenant steering configuration blocks untrusted root certificates and self-signed server certificates. These settings are intended to prevent man-in-the-middle attacks and ensure the validity of the SSL connection. However, they also prevent the access to the development Web server that uses self-signed SSL certificates. To allow access to the Web server, the settings need to be changed or an exception needs to be added for the Web server domain.


質問 # 24
Your company has many users thatare remote and travel often. You want to provide the greatest visibility into their activities, even while traveling. Using Netskope. which deployment method would be used in this scenario?

  • A. Use a Netskope client.
  • B. Use proxy chaining.
  • C. Use an IPsec tunnel.
  • D. Use a GRE tunnel.

正解:A

解説:
Explanation
The best deployment method for remote and traveling users is to use a Netskope client. The Netskope client is a lightweight software agent that runs on the user's device and steers web and cloud traffic to the Netskope cloud for real-time inspection and policy enforcement1. The Netskope client provides an always-on end user remote access experience and avoids backhauling (or hairpinning) remote users through the corporate network to access applications in public cloud environments2. The Netskope client also supports offline mode, which allows users to work offline and sync their policies when they reconnect to the internet


質問 # 25
The director of IT asks for confirmation If your organization's Web traffic would be blocked when the Netskope client fails. In this situation, what would confirm the fail close status?

  • A. Review the nsdebuglog.log.
  • B. View Application events.
  • C. Review user settings.
  • D. Perform a right-click on the Netskope client icon using your mouse.

正解:A

解説:
Explanation
The method that would confirm the fail close status is B. Review the nsdebuglog.log. The nsdebuglog.log is a log file that contains information about the Netskope client's status, configuration, events, errors, etc. You can review the nsdebuglog.log file to confirm the fail close status by looking for a line that says
"failCloseStatus":"1". This indicates that the fail close option is enabled for the Netskope client4. The fail close option is a feature that allows you to block all web traffic when the Netskope client fails or loses connection to the Netskope cloud5. Therefore, option B is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Client Configuration - Netskope Knowledge Portal


質問 # 26
Your customer currently only allows users to access the corporate instance of OneDrive using SSO with the Netskope client. The users are not permitted to take their laptops when vacationing, but sometimes they must have access to documents on OneDrive when there is an urgent request. The customer wants to allow employees to remotely access OneDrive from unmanaged devices while enforcing DLP controls to prohibit downloading sensitive files to unmanaged devices.
Which steering method would satisfy the requirements for this scenario?

  • A. Use a forward proxy integrated with their SSO.
  • B. Use proxy chaining with their cloud service providers integrated with their SSO.
  • C. Use a secure forwarder integrated with an on-premises proxy.
  • D. Use a reverse proxy integrated with their SSO.

正解:D

解説:
Explanation
A reverse proxy integrated with their SSO would satisfy the requirements for this scenario. A reverse proxy intercepts requests from users to cloud apps and applies policies based on user identity, device posture, app, and data context. It can enforce DLP controls to prohibit downloading sensitive files to unmanaged devices. It can also integrate with the customer's SSO provider to authenticate users and allow access only to the corporate instance of OneDrive.The other steering methods are not suitable for this scenario because they either require the Netskope client or do not provide granular control over cloud app activities.


質問 # 27
Your customer implements Netskope Secure Web Gateway to secure all Web traffic. While they have created policies to block certain categories, there are many new sites available dally that are not yet categorized. The customer's users need quick access and cannot wait to put in a request to gain access requiring a policy change or have the site's category changed.
To solve this problem, which Netskope feature would provide quick, safe access to these types of sites?

  • A. Netskope Cloud Firewall (CFW)
  • B. Netskope SaaS Security Posture Management (SSPM)
  • C. Netskope Continuous Security Assessment (CSA)
  • D. Netskope Remote Browser Isolation (RBI)

正解:D

解説:
Explanation
To solve the problem of providing quick, safe access to uncategorized and risky websites, the Netskope feature that the customer should use is Netskope Remote Browser Isolation (RBI). Netskope RBI is a part of the Netskope Secure Web Gateway offering that intercepts a user's browsing session to a website, acting as a proxy that fetches the content for that user and renders the content in an isolated browsing instance. The rendered content is delivered to the user's browser as a safe stream of pixels. This safely silos the end user's device and the enterprise network and systems, separating it from their browsing activity and restricting the ability of an attacker to establish control and / or breach other systems and exfiltrate data1. Netskope RBI can be easily invoked with an 'isolate' policy action within the Netskope Security Cloud for any website category or domain2. Therefore, option B is correct and the other options are incorrect. References: Remote Browser Isolation - Netskope Knowledge Portal, Netskope Remote Browser Isolation - Netskope


質問 # 28
Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?

  • A. Real-time Protection policies
  • B. client configuration
  • C. steering configuration
  • D. SSL decryption policies

正解:B

解説:
Explanation
DTLS (Datagram Transport Layer Security) is a protocol that provides secure communication over UDP. It is an option that can be enabled in the client configuration settings in the Netskope tenant. Enabling DTLS can improve the performance of the Netskope client, especially in high latency or packet loss scenarios. DTLS is not related to Real-time Protection policies, SSL decryption policies, or steering configuration, which are different configuration elements in the Netskope tenant. References: Client Configuration Settings 3, Netskope Client Performance 4


質問 # 29
You want to reduce false positives by only triggering policies when contents of your customer database are uploaded to Dropbox. Your maximum database size is 2 MB. In this scenario, what are two ways to accomplish this task? (Choose two.)

  • A. Use a Netskope virtual appliance to create an exact match hash.
  • B. Send the .csv export to Netskope using a support ticket with the subject, "create exact match hash".
  • C. Use the Netskope client to upload the .csv export to the Netskope management plane DLP container.
  • D. Upload the .csv export lo the Netskope tenant DLP rules section to create an exact match hash.

正解:A、D

解説:
Explanation
To reduce false positives by only triggering policies when contents of your customer database are uploaded to Dropbox, you can use two methods: Upload the .csv export to the Netskope tenant DLP rules section to create an exact match hash. This is a method that allows you to upload a file containing structured data, such as a customer database, to the Netskope tenant and generate a hash of the data. The hash is then used to match the data in the cloud traffic and trigger DLP policies. This method is suitable for files that are less than 10 MB in size. To upload the file, you need to go to Policies > Data Protection > DLP Rules and click on Exact Match Hashes. Then you can select the file from your local system and upload it. Use a Netskope virtual appliance to create an exact match hash. This is a method that allows you to create a file containing structured data, such as a customer database, and upload it to the Netskope cloud using a virtual appliance. The virtual appliance encrypts the file before uploading it and generates a hash of the data. The hash is then used to match the data in the cloud traffic and trigger DLP policies. This method is suitable for files that are larger than 10 MB in size. To create the file, you need to follow a specific format and save it as a .csv file. To upload the file, you need to use the request dlp-pdd upload command on the virtual appliance CLI. The other options are not valid methods for this task. You cannot use the Netskope client to upload the .csv export to the Netskope management plane DLP container, as this is not a supported feature of the client. You cannot send the .csv export to Netskope using a supportticket with the subject, "create exact match hash", as this is not a secure or efficient way of creating an exact match hash. References: Create an Exact Match Hash from the UI1, Create an Exact Match Hash from a Virtual Appliance2


質問 # 30
Your customer is concerned aboutmalware in their AWS S3 buckets. What two actions would help with this scenario? (Choose two.)

  • A. Create an API protection policy to quarantine malware in their AWS S3 buckets.
  • B. Enable Threat Protection (Malware Scan) for all of their AWS instances to Identify malware.
  • C. Create a real-time policy to block malware uploads to their AWS instances.
  • D. Create a threatprofile to quarantine malware in their AWS S3 buckets.

正解:A、B

解説:
Explanation
To help the customer with the scenario of malware in their AWS S3 buckets, two actions that would help are B: Enable Threat Protection (Malware Scan) for all of their AWS instances to identify malware and C. Create an API protection policy to quarantine malware in their AWS S3 buckets. Threat Protection (Malware Scan) is a feature that allows you to scan files in your cloud services, such as AWS S3, for malware using Netskope's advanced threat protection engine. You can enable Threat Protection (Malware Scan) for all of your AWS instances in the Netskope tenant by going to Settings > Cloud Services > AWS > Threat Protection and selecting the Enable Malware Scan option1. This will help you identify malware in your AWS S3 buckets and generate alerts for further action. An API protection policy is a rule that specifies the actions and notifications that Netskope applies to the data that is already resident in your cloud services, such as AWS S3, based on various criteria. You can create an API protection policy to quarantine malware in your AWS S3 buckets by going to Policies > API Protection > New Policy and selecting the AWS service, the Malware Scan data identifier, and the Quarantine action in the policy page2. This will help you isolate malware in your AWS S3 buckets and prevent it from spreading or being accessed by unauthorized users. Therefore, options B and C are correct andthe other options are incorrect. References: Threat Protection (Malware Scan) - Netskope Knowledge Portal, Add a Policy for API Protection - Netskope Knowledge Portal


質問 # 31
You want to secure Microsoft Exchange and Gmail SMTP traffic for DLP using Netskope. Which statement is true about this scenario when using the Netskope client?

  • A. Enable Cloud Firewall to Inspect Inbound SMTP traffic for Microsoft Exchange and Gmail.
  • B. Netskope can inspect inbound and outbound SMTP traffic for Microsoft Exchange and Gmail.
  • C. Netskope can inspect outbound SMTP trafficfor Microsoft Exchange and Gmail.
  • D. Enable REST API v2 to Inspect inbound SMTP traffic for Microsoft Exchange and Gmail.

正解:C

解説:
Explanation
Netskope can inspect outbound SMTP traffic for Microsoft Exchange and Gmail using the Netskope client.
The Netskope client intercepts the SMTP traffic from the user's device and forwards it to the Netskope cloud for DLP scanning. The Netskope client does not inspect inbound SMTP traffic, as this is handled by the cloud email service or the MTA. Therefore, option A is correct and the other options are incorrect. References: Configure Netskope SMTP Proxy with Microsoft O365 Exchange, Configure Netskope SMTP Proxy with Gmail, SMTP DLP, Best Practices for Email Security with SMTP proxy


質問 # 32
To which three event types does Netskope's REST API v2 provide access? (Choose three.)

  • A. client
  • B. application
  • C. infrastructure
  • D. user
  • E. alert

正解:B、C、E

解説:
Explanation
Netskope's REST API v2 provides access to various event types via URI paths. The event types include application, alert, infrastructure, audit, incident, network, and page. These event types can be used to retrieve data from Netskope's cloud security platform. The event types client and user are not supported by the REST API v2. References: REST API v2 Overview, Cribl Netskope Events and Alerts Integration, REST API Events and Alerts Response Descriptions


質問 # 33
You want to allow both the user identities and groups to be imported in the Netskope platform. Which two methods would satisfy this requirement? (Choose two.)

  • A. Use Manual Entries.
  • B. Use Directory Importer.
  • C. Use System for Cross-domain Identity Management (SCIM).
  • D. Use Bulk Upload with a CSV file.

正解:C、D

解説:
Explanation
To allow both the user identities and groups to be imported in the Netskope platform, you can use either the System for Cross-domain Identity Management (SCIM) method or the Bulk Upload with a CSV file method.
Both of these methods allow for the import of user identities and groups from different identity providers (IdPs) that support SCIM or CSV formats. The SCIM method is recommended for large-scale deployments, as it automates the exchange of user identity information across apps for user provisioning. The CSV method is recommended for small-scale deployments, as it allows for manual upload of user details in a comma-separated values file. The other methods are not suitable for this requirement. The Manual Entries method does not allow for the import of groups, only user emails. The Directory Importer method does not import users and groups directly into the Netskope platform, but rather connects to an Active Directory or LDAP server and periodically fetches user and group information.
References: Provisioning Users for Netskope Client2, SCIM Integration3, Bulk Upload via CSV file


質問 # 34
Review the exhibit.

You are troubleshooting a Netskope clientfor user Clarke which remains in a disabled state after being installed. After looking at various logs, you notice something which might explain the problem. The exhibit is an excerpt from the nsADImporterLog.log.
Referring to the exhibit, what is the problem?

  • A. This is normal; it might take up to an hour to be enabled.
  • B. The client traffic is decrypted by a network security device.
  • C. The client was not Installed with administrative privileges.
  • D. The Active Directory user is not synchronized to the Netskope tenant.

正解:D

解説:
Explanation
The problem is B. The Active Directory user is not synchronized to the Netskope tenant. This is evident from the log message "WARNING No mail ID for the user: Clarke, Daxmeifield, DC=local, skipping use". This means that the user Clarke does not have a valid email address in the Active Directory, which is required for the Netskope client to work. The Netskope client uses the email address of the user to authenticate and enable the client. Therefore, option B is correct and the other options are incorrect.


質問 # 35
A customer wants to use Netskope to prevent PCI data from leaving the corporate sanctioned OneDrive instance. In this scenario. which two solutions would assist in preventing data exfiltration? (Choose two.)

  • A. Cloud Firewall (CFW)
  • B. SaaS Security Posture Management (SSPM)
  • C. Real-time Protection
  • D. API Data Protection

正解:C、D

解説:
Explanation
To prevent PCI data from leaving the corporate sanctioned OneDrive instance, the customer can use API Data Protection and Real-time Protection. API Data Protection is a feature that allows you to discover, classify, and protect data that is already resident in your cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, content, activity, or DLP profiles. Then, you can choose an action to prevent the PCI data from being shared or exfiltrated, such as remove external collaborators, remove public links, or quarantine3. Real-time Protection is a feature that allows you to inspect and control data in transit between your users and cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, devices, locations, categories, or DLP profiles. Then, you can choose an action to prevent the PCI data from being uploaded or downloaded, such as block, alert, encrypt, or watermark4. Therefore, options A and D are correct and the other options are incorrect. References: API Data Protection - Netskope Knowledge Portal, Real-time Protection - Netskope Knowledge Portal


質問 # 36
What is the purpose of the filehash list in Netskope?

  • A. It providesClient Threat Exploit Prevention (CTEP).
  • B. It is used to allow and block URLs.
  • C. It provides the file types that Netskope can inspect.
  • D. It configures blocklist and allowlist entries referenced in the custom Malware Detection profiles.

正解:D

解説:
Explanation
The purpose of the file hash list in Netskope is to configure blocklist and allowlist entries referenced in the custom Malware Detection profiles. A file hash list is a collection of MD5 or SHA-256 hashes that represent files that you want to allow or block in your organization. You can create a file hash list when adding a file profile and use it as an allowlist or blocklist for files in your organization1. You can then select the file hash list when creating a Malware Detection profile2.


質問 # 37
You are integrating Netskope tenant administration with an external identity provider. You need to implement role-based access control. Which two statements are true about this scenario? (Choose two.)

  • A. You need to define the administrators locally in the Netskope tenant.
  • B. You do not need to define the administrators locally in the Netskope tenant after It Is integrated with IdP.
  • C. The roles you want to assign must be present in the Netskope tenant.
  • D. Once integrated withIdP. you must append the "locallogin" URL to log in using IdP

正解:A、C

解説:
Explanation
To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user's role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local useraccount3. Therefore, options A and C are correct and the other options are incorrect. References: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal


質問 # 38
Your organization has three main locations with 30.000 hosts in each location. You are planning to deploy Netskope using iPsec tunnels for security.
What are two considerations to make a successful connection in this scenario? (Choose two.)

  • A. operating systems
  • B. redundant POPs
  • C. number of hosts
  • D. browsers in use

正解:B、C

解説:
Explanation
To deploy Netskope using IPSec tunnels for security in this scenario, two considerations to make a successful connection are C. redundant POPs and D. number of hosts. Redundant POPs are Points of Presence that are geographically distributed data centers that host the Netskope cloud platform. You need to consider redundant POPs to ensure high availability and resiliency of your IPSec tunnels in case of a failure or outage in one of the POPs. You can configure multiple IPSec tunnels from your network to different POPs and use dynamic routing protocols such as BGP to load balance and failover the traffic1. Number of hosts is the number of devices or endpoints that will use the IPSec tunnels to access the cloud services. You need to consider the number of hosts to estimate the bandwidth and throughput requirements of your IPSec tunnels and choose the appropriate POPs that can handle the traffic volume. You can use the Netskope Bandwidth Calculator tool to estimate the bandwidth and throughput based on the number of hosts, locations, and cloud services2.
Therefore, options C and D are correct and the other options are incorrect. References: IPSec - Netskope Knowledge Portal, Netskope Bandwidth Calculator


質問 # 39
......

NSK200問題集には100%厳密検証された問題と解答で合格保証もしくは全額返金:https://www.jpntest.com/shiken/NSK200-mondaishu

合格させるNetskope NSK200試験には練習テスト問題集豪華お試しセット:https://drive.google.com/open?id=1b_ruBN7cnOm-n8Orr7k4FaGLXdedJdfI

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡