NSK200練習試験テスト最新問題2024年02月
NSK200試験を一発合格保証問題集!
質問 # 29
Review the exhibit.
You are at the Malware Incident page. A virus was detected by the Netskope Heuristics Engine. Your security team has confirmed that the virus was a test data file You want to allow the security team to use this file Referring to the exhibit, which two statements are correct? (Choose two.)
- A. Create a malware detection profile and update the file hash list with the IOC.
- B. Click the "Add To File Filter button to add the IOC to a file list.
- C. Click the ''Lookup VirusTotal" button to verify if this IOC is a false positive.
- D. Contact the CrowdStrike administrator to have the file marked as safe.
正解:B、C
解説:
Explanation
To allow the security team to use the test data file that was detected as a virus by the Netskope Heuristics Engine, the following two steps are correct:
Click the "Add To File Filter" button to add the IOC to a file list. This will exclude the file from future malware scans and prevent false positive alerts. The file list can be managed in the Settings > File Filter page1.
Click the "Lookup VirusTotal" button to verify if this IOC is a false positive. This will open a new tab with the VirusTotal report for the file hash. VirusTotal is a service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content. The report will show how many antivirus engines detected the file as malicious and provide additional information about the file2.
https://docs.netskope.com/en/netskope-help/admin-console/incidents/
質問 # 30
Review the exhibit.
You are asked to create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive.
What must be used to accomplish this task?
- A. INTL-PAN-Name rule
- B. ML image classifier
- C. optical character recognition
- D. document fingerprinting
正解:C
解説:
Explanation
To create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive, you need to use optical character recognition (OCR). OCR is a feature that allows you to detect and extract text from images and scanned documents. You can use OCR in your DLP profiles to identify sensitive data that is embedded or hidden in images1. In the exhibit, we can see that the data is a credit card number, which is a type of sensitive data that can be easily identified by OCR. You can create a DLP profile that uses OCR and matches the credit card number data identifier or a custom regex expression. You can then apply an action such as block, alert, or quarantine to prevent the data from being uploaded to Google Drive2. Therefore, option C is correct and the other options are incorrect. References: Optical Character Recognition (OCR) - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal
質問 # 31
Your company has a Symantec BlueCoat proxy on-premises and you want to deploy Netskope using proxy chaining. Which two prerequisites need to be enabled first in this scenario? (Choose two.)
- A. Disable SSL decryption.
- B. Disable the X-Authenticated-User header.
- C. Enable the X-Forwarded-For HTTP header
- D. Enable SSL decryption.
正解:C、D
解説:
Explanation
To deploy Netskope using proxy chaining with Symantec BlueCoat proxy on-premises, you need to enable two prerequisites first: Enable SSL decryption on your Symantec BlueCoat proxy. This is required for proxy chaining because Netskope needs to inspect the SSL traffic that is sent from your proxy to the Netskope cloud.
To enable SSL decryption, you need to configure your Symantec BlueCoat proxy to trust the Netskope certificate for SSL interception. You can download the certificate from Settings > Manage > Certificates > Signing CA in the Netskope UI. Enable the X-Forwarded-For HTTP header on your Symantec BlueCoat proxy. This is required for proxy chaining because Netskope needs to identify the original source IP address of the user behind your proxy. The X-Forwarded-For header is used to pass this information from your proxy to Netskope. To enable this header, you need to configure your Symantec BlueCoat proxy to send X-Forwarded-For HTTP header for all HTTP requests. The other options are not valid prerequisites for this scenario. You do not need to disable SSL decryption on your Symantec BlueCoat proxy, as this would prevent Netskope from inspecting the SSL traffic. You do not need to disable the X-Authenticated-User header on your Symantec BlueCoat proxy, as this is an optional header that can be used to pass additional user information from your proxy to Netskope. References: Proxy Chaining3, Configure Forcepoint for Proxy Chaining
質問 # 32
Your company asks you to use Netskope to integrate with Endpoint Detection and Response (EDR) vendors suchas CrowdStrike. In this scenario,what is a requirement for a successful Integration and sharing of threat data?
- A. custom log parser
- B. user endpoint
- C. device classification
- D. API Client ID
正解:D
解説:
Explanation
To integrate Netskope with EDR vendors such as CrowdStrike and share threat data, a requirement for a successful integration is A. API Client ID. An API Client ID is a unique identifier that is used to authenticate and authorize requests to the EDR vendor's API. You need to obtain an API Client ID from the EDR vendor and enter it in the Netskope tenant settings under Threat Protection > Integration. This will allow Netskope to communicate with the EDR vendor and exchange threat intelligence and remediation actions1. Therefore, option A is correct and the other options are incorrect. References: Integrating CrowdStrike for EDR - Netskope Knowledge Portal
質問 # 33
Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.
In this scenario, which two deployment options would you use? (Choose two.)
- A. Deploy the Netskope client with Microsoft GPO.
- B. Deploy the Netskope client using an email Invitation.
- C. Deploy the Netskope client with SCCM.
- D. Deploy the Netskope client using IdP.
正解:A、C
解説:
Explanation
To deploy the Netskope client to all company users on Windows laptops without user intervention, you can use either SCCM or GPO. These are two methods of packaging the application and pushing it silently to the user's device using Microsoft tools4. These methods donot require the user to have local admin privileges or to initiate the installation themselves. They also allow enforcing the use of the client through company policy. The Netskope client can authenticate the user using Azure ADFS as the identity provider, as long as the UPN of the logged in user matches the directory5
質問 # 34
Your organization has a homegrown cloud application. You are required to monitor the activities that users perform on this cloud application such as logins, views, and downloaded files. Unfortunately, it seems Netskope is unable to detect these activities by default.
How would you accomplish this goal?
- A. Ensure that the application is added to the SSL decryption policy.
- B. Enable access to the application with Netskope Private Access.
- C. Create a new cloud application definition using the Chrome extension.
- D. Ensure that the cloud application is added as a steering exception.
正解:C
解説:
Explanation
To monitor the activities that users perform on a homegrown cloud application, you need to create a new cloud application definition using the Chrome extension. The Chrome extension is a tool that allows you to record the traffic and activities of any web-based application and create a custom app definition that can be imported into your Netskope tenant1. This way, you can enable Netskope to detect and analyze the activities of your homegrown cloud application and apply policies accordingly. Therefore, option D is correct and the other options are incorrect. References: Creating a Cloud App Definition - Netskope Knowledge Portal
質問 # 35
Recently your company implemented Zoom for collaboration purposes and you are attempting to inspect the traffic with Netskope. Your initial attempt reveals that you are not seeing traffic from the Zoom client that is used by all users. You must ensure that this traffic is visible to Netskope.
In this scenario, which two steps must be completed to satisfy this requirement? (Choose two.)
- A. Create a steering exception for Zoom to ensure traffic is reaching Netskope.
- B. Remove the Zoom certificate-pinned application from the default steering configuration.
- C. Create a Do Not Decrypt SSL policy for the Zoom application suite.
- D. Remove the default steering exception for the Web Conferencing Category.
正解:B、D
解説:
Explanation
To ensure that the traffic from the Zoom client is visible to Netskope, you need to remove the Zoom certificate-pinned application from the default steering configuration and remove the default steering exception for the Web Conferencing Category. A certificate-pinned application is an application that validates the server certificates against the hardcoded ones in the application. This is a security technique used to prevent man-in-the-middle attacks and secure access to the application. By default, Netskope bypasses the traffic from certificate-pinned applications and does not decrypt or inspect it3. Zoom is one of the predefined certificate-pinned applications that Netskope supports4. To enable Netskope to inspect the traffic from Zoom, you need to remove it from the steering configuration that applies to your users5. Additionally, you need to remove the default steering exception for the Web Conferencing Category, which includes Zoom and other similar applications. A steering exception is a rule that specifies the traffic that you want to bypass Netskope and go directly to the destination6. By removing this exception, you allow Netskope to steer and analyze the traffic from web conferencing applications. Therefore, options C and D are correct and the other options are incorrect. References: Certificate Pinned Applications - Netskope Knowledge Portal, Certificate Pinned App (CPA) - The Netskope Community, Steering Configuration - Netskope Knowledge Portal, Steering Exceptions
- Netskope Knowledge Portal
質問 # 36
Review the exhibit.
Your company uses Google as the corporate collaboration suite; however, corporate policy restricts the use of personal Google services. The exhibit provides a partially completed policy to ensure that users cannot log into their personal account.
What should be added to achieve the desired outcome in this scenario?
- A. DLP profile
- B. Device classification
- C. User Constraint
- D. Google Gmail app
正解:C
解説:
Explanation
In order to restrict users from logging into their personal Google accounts, the policy should include a user constraint. This will ensure that only users with corporate accounts can access the corporate collaboration suite. The user constraint can be added by selecting the "User" option in the "Source" field and then choosing the appropriate user group or identity provider. The other options are not relevant for this scenario. References: [Creating a Policy to Block Personal Google Services], [Policy Creation], [User Constraint]
質問 # 37
You are having issues with fetching user and group Information periodically from the domain controller and posting that information to your tenant instance in the Netskope cloud. To begin the troubleshooting process, what would you Investigate first in this situation?
- A. AD Connector
- B. DNS Connector
- C. Directory Importer
- D. On-Premises Log Parser
正解:C
解説:
Explanation
The Directory Importer is a component of the Netskope Adapters that connects to the domain controller and periodically fetches user and group information to post that info to your tenant instance in the Netskope cloud1. If you are having issues with this process, the first thing you should investigate is the Directory Importer itself. You can check the status of the Directory Importer service, the configuration file, the logs, and the connectivity to the domain controller and the Netskope cloud2. Therefore, option B is correct and the other options are incorrect. References: Configure Directory Importer - Netskope Knowledge Portal, Troubleshooting Directory Importer - Netskope Knowledge Portal
質問 # 38
You are comparing the behavior of Netskope's Real-time Protection policies to API Data Protection policies.
In this Instance, which statement is correct?
- A. All real-time policies are enforced, regardless of sequential order, while API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.
- B. All API policies are enforced, regardless of sequential order, while real-time policies are analyzed sequentially from top to bottom and stop once a policy Is matched.
- C. Both real-time and API policies are all enforced, regardless of sequential order.
- D. Both real-time and API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.
正解:B
解説:
Explanation
Netskope's Real-time Protection policies and API Data Protection policies have different ways of applying actions based on the policy order. Real-time Protection policies are analyzed sequentially from top to bottom and stop once a policy is matched. This means that only one policy action is applied per transaction. API Data Protection policies are all enforced, regardless of sequential order. This means that multiple policy actions can be applied per file or email. Therefore, the correct statement is that all API policies are enforced, regardless of sequential order, while real-time policies are analyzed sequentially from top to bottom and stop once a policy is matched. References: Real-time Protection Policies1, API Data Protection Policies2
質問 # 39
You want to prevent a document stored in Google Drive from being shared externally with a public link. What would you configure in Netskope to satisfy this requirement?
- A. Real-time Protection policy
- B. API Data Protection policy
- C. Quarantine
- D. Threat Protection policy
正解:B
解説:
Explanation
To prevent a document stored in Google Drive from being shared externally with a public link, you need to configure an API Data Protection policy in Netskope. An API Data Protection policy allows you to discover, classify, and protect data that is already resident in your cloud services, such as Google Drive1. You can create a policy that matches the documents you want to protect based on criteria such as users, content, activity, or DLP profiles. Then, you can choose an action to prevent the documents from being shared externally, such as remove external collaborators, remove public links, or quarantine2. Therefore, option B is correct and the other options are incorrect. References: API Data Protection - Netskope Knowledge Portal, Add a Policy for API Data Protection - Netskope Knowledge Portal
質問 # 40
Your customer implements Netskope Secure Web Gateway to secure all Web traffic. While they have created policies to block certain categories, there are many new sites available dally that are not yet categorized. The customer's users need quick access and cannot wait to put in a request to gain access requiring a policy change or have the site's category changed.
To solve this problem, which Netskope feature would provide quick, safe access to these types of sites?
- A. Netskope Remote Browser Isolation (RBI)
- B. Netskope Cloud Firewall (CFW)
- C. Netskope Continuous Security Assessment (CSA)
- D. Netskope SaaS Security Posture Management (SSPM)
正解:A
解説:
Explanation
To solve the problem of providing quick, safe access to uncategorized and risky websites, the Netskope feature that the customer should use is Netskope Remote Browser Isolation (RBI). Netskope RBI is a part of the Netskope Secure Web Gateway offering that intercepts a user's browsing session to a website, acting as a proxy that fetches the content for that user and renders the content in an isolated browsing instance. The rendered content is delivered to the user's browser as a safe stream of pixels. This safely silos the end user's device and the enterprise network and systems, separating it from their browsing activity and restricting the ability of an attacker to establish control and / or breach other systems and exfiltrate data1. Netskope RBI can be easily invoked with an 'isolate' policy action within the Netskope Security Cloud for any website category or domain2. Therefore, option B is correct and the other options are incorrect. References: Remote Browser Isolation - Netskope Knowledge Portal, Netskope Remote Browser Isolation - Netskope
質問 # 41
You want to reduce false positives by only triggering policies when contents of your customer database are uploaded to Dropbox. Your maximum database size is 2 MB. In this scenario, what are two ways to accomplish this task? (Choose two.)
- A. Upload the .csv export lo the Netskope tenant DLP rules section to create an exact match hash.
- B. Use a Netskope virtual appliance to create an exact match hash.
- C. Send the .csv export to Netskope using a support ticket with the subject, "create exact match hash".
- D. Use the Netskope client to upload the .csv export to the Netskope management plane DLP container.
正解:A、B
解説:
Explanation
To reduce false positives by only triggering policies when contents of your customer database are uploaded to Dropbox, you can use two methods: Upload the .csv export to the Netskope tenant DLP rules section to create an exact match hash. This is a method that allows you to upload a file containing structured data, such as a customer database, to the Netskope tenant and generate a hash of the data. The hash is then used to match the data in the cloud traffic and trigger DLP policies. This method is suitable for files that are less than 10 MB in size. To upload the file, you need to go to Policies > Data Protection > DLP Rules and click on Exact Match Hashes. Then you can select the file from your local system and upload it. Use a Netskope virtual appliance to create an exact match hash. This is a method that allows you to create a file containing structured data, such as a customer database, and upload it to the Netskope cloud using a virtual appliance. The virtual appliance encrypts the file before uploading it and generates a hash of the data. The hash is then used to match the data in the cloud traffic and trigger DLP policies. This method is suitable for files that are larger than 10 MB in size. To create the file, you need to follow a specific format and save it as a .csv file. To upload the file, you need to use the request dlp-pdd upload command on the virtual appliance CLI. The other options are not valid methods for this task. You cannot use the Netskope client to upload the .csv export to the Netskope management plane DLP container, as this is not a supported feature of the client. You cannot send the .csv export to Netskope using a supportticket with the subject, "create exact match hash", as this is not a secure or efficient way of creating an exact match hash. References: Create an Exact Match Hash from the UI1, Create an Exact Match Hash from a Virtual Appliance2
質問 # 42
A customer wants to use Netskope to prevent PCI data from leaving the corporate sanctioned OneDrive instance. In this scenario. which two solutions would assist in preventing data exfiltration? (Choose two.)
- A. API Data Protection
- B. Cloud Firewall (CFW)
- C. SaaS Security Posture Management (SSPM)
- D. Real-time Protection
正解:A、D
解説:
Explanation
To prevent PCI data from leaving the corporate sanctioned OneDrive instance, the customer can use API Data Protection and Real-time Protection. API Data Protection is a feature that allows you to discover, classify, and protect data that is already resident in your cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, content, activity, or DLP profiles. Then, you can choose an action to prevent the PCI data from being shared or exfiltrated, such as remove external collaborators, remove public links, or quarantine3. Real-time Protection is a feature that allows you to inspect and control data in transit between your users and cloud services, such as OneDrive. You can create a policy that matches the PCI data based on criteria such as users, devices, locations, categories, or DLP profiles. Then, you can choose an action to prevent the PCI data from being uploaded or downloaded, such as block, alert, encrypt, or watermark4. Therefore, options A and D are correct and the other options are incorrect. References: API Data Protection - Netskope Knowledge Portal, Real-time Protection - Netskope Knowledge Portal
質問 # 43
Review the exhibit.
What is the purpose ofthe configuration page shown Iithe exhibit?
- A. to allow users to authenticate against the proxy
- B. to enforce administrative role-based access
- C. to onboard Active Directory users to a Netskope tenant
- D. to provision a Netskope client using SCCM
正解:C
解説:
Explanation
The configuration page shown in the exhibit is used to onboard Active Directory users to a Netskope tenant.
This is done by configuring the Active Directory settings in the Netskope platform and then importing the users from Active Directory. The configuration page allows you to specify the following parameters:
Directory Service: The type of directory service that you are using, such as Active Directory or LDAP.
Domain Name: The name of your Active Directory domain, such as example.com.
Domain Controller: The IP address or hostname of your Active Directory domain controller, such as dc1.example.com.
Username: The username of an account that has read access to your Active Directory, such as [email protected].
Password: The password of the account that has read access to your Active Directory.
Base DN: The base distinguished name of the container or organizational unit that contains the users and groups that you want to import, such as OU=Users,DC=example,DC=com.
User Filter: The LDAP filter that defines the criteria for selecting the users that you want to import, such as (objectClass=user).
Group Filter: The LDAP filter that defines the criteria for selecting the groups that you want to import, such as (objectClass=group).
After configuring these parameters, you can click on Test Connection to verify that the connection to your Active Directory is successful. Then you can click on Import Users to start importing the users and groups from your Active Directory to your Netskope tenant.
References: Onboarding Active Directory Users to a Netskope Tenant1
質問 # 44
You are integrating Netskope tenant administration with an external identity provider. You need to implement role-based access control. Which two statements are true about this scenario? (Choose two.)
- A. The roles you want to assign must be present in the Netskope tenant.
- B. You do not need to define the administrators locally in the Netskope tenant after It Is integrated with IdP.
- C. Once integrated withIdP. you must append the "locallogin" URL to log in using IdP
- D. You need to define the administrators locally in the Netskope tenant.
正解:A、D
解説:
Explanation
To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user's role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local useraccount3. Therefore, options A and C are correct and the other options are incorrect. References: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal
質問 # 45
You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.
Which two statements are true in this scenario? (Choose two.)
- A. You must place Netskope private access malware policies in the middle.
- B. You must place high-risk block policies at the top.
- C. You do not need to create an "allow all" Web Access policy at the bottom.
- D. You must place DLP policies at the bottom.
正解:B、C
解説:
Explanation
To determine proper policy ordering for Netskope Real-time Protection policies, you need to follow these two statements: B. You do not need to create an "allow all" Web Access policy at the bottom. D. You must place high-risk block policies at the top. These statements are based on the best practices for policy ordering recommended by Netskope3. An "allow all" Web Access policy at the bottom is not necessary because any traffic that does not match any policy will be allowed by default. However, you can create a "monitor all" Web Access policy at the bottom if you want to log all the traffic that is not matched by any other policy4.
High-risk block policies atthe top are important because they prevent any traffic that poses a serious threat or violates a critical compliance standard from reaching its destination. These policies should have higher priority than other policies that may allow or modify the traffic5. Therefore, options B and D are correct and the other options are incorrect. References: Real-time Protection Policies - Netskope Knowledge Portal, Create a Real-time Protection Policy for Web Categories - Netskope Knowledge Portal, Best Practices: Real-time Protection Policies (1 of 2) - Netskope
質問 # 46
Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?
- A. Real-time Protection policies
- B. client configuration
- C. SSL decryption policies
- D. steering configuration
正解:B
解説:
Explanation
DTLS (Datagram Transport Layer Security) is a protocol that provides secure communication over UDP. It is an option that can be enabled in the client configuration settings in the Netskope tenant. Enabling DTLS can improve the performance of the Netskope client, especially in high latency or packet loss scenarios. DTLS is not related to Real-time Protection policies, SSL decryption policies, or steering configuration, which are different configuration elements in the Netskope tenant. References: Client Configuration Settings 3, Netskope Client Performance 4
質問 # 47
Review the exhibit.
You want to discover new cloud applications in use within an organization.
Referring to the exhibit, which three methods would accomplish this task? (Choose three.)
- A. Deploy an On-Premises Log Parser (OPLP).
- B. Upload firewall or proxy logs directly into the Netskope platform.
- C. Set up API-enabled Protection instances for SaaS applications.
- D. View "All Apps" within the Cloud Confidence Index (CCI) In the Netskope Ul.
- E. Use forward proxy steering methods to direct cloud traffic to Netskope
正解:A、B、E
解説:
Explanation
To discover new cloud applications in use within an organization, three methods that would accomplish this task are B. Deploy an On-Premises Log Parser (OPLP), C. Use forward proxy steering methods to direct cloud traffic to Netskope, and E. Upload firewall or proxy logs directlyinto the Netskope platform. An On-Premises Log Parser (OPLP) is a software component that allows you to parse logs from your on-premises firewall or proxy devices and send them to the Netskope cloud for analysis and reporting. You can deploy an OPLP on a Linux server in your network and configure it to connect to your log sources and upload logs periodically or in real time3. A forward proxy steering method is a way of directing your web traffic from your users' devices or browsers to the Netskope cloud for inspection and policy enforcement. You can use forward proxy steering methods such as PAC file, VPN, or inline proxy to steer traffic to Netskope and discover new cloud applications in use4. Uploading firewall or proxy logs directly into the Netskope platform is a way of manually sending logs from your log sources to the Netskope cloud for analysis and reporting. You can upload firewall or proxy logs directly into the Netskope platform by going to SkopeIT > Settings > Log Upload > New Log Upload and selecting the log source type, file format, log file, and time zone5. Therefore, options B, C, and E are correct and the other options are incorrect. References: On-Premises Log Parser - Netskope Knowledge Portal, Traffic Steering - Netskope Knowledge Portal, Upload Firewall or Proxy Logs Directly into the Platform - Netskope Knowledge Portal
質問 # 48
The risk team at your company has determined that traffic from the sales team to a custom Web application should not be inspected by Netskope. All other traffic to the Web application should continue to be inspected.
In this scenario, how would you accomplish this task?
- A. Create a Do Not Decrypt Policy using Source IP and Application in the policy page.
- B. Create a Do Not Decrypt Policy using Destination IP and Application in the policy page.
- C. Create a Do Not Decrypt Policy using Application in the policy page and a Steering Exception for Group
- D. Create a Do Not Decrypt Policy using User Group and Domainin the policy page.
正解:D
解説:
Explanation
To prevent traffic from the sales team to a custom Web application from being inspected by Netskope, you need to create a Do Not Decrypt Policy using User Group and Domain in the policy page. A Do Not Decrypt Policy allows you to specify the traffic you want to leave encrypted and not further analyzed by Netskope via the Real-time Protection policies3. You can use the User Group criteria to match the sales team members and the Domain criteria to match the custom Web application. This way, only the traffic from the sales team to the custom Web application will be exempted from decryption, while all other traffic to the Web application will continue to be inspected.
質問 # 49
An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.
Which feature would you use to satisfy this requirement?
- A. optical character recognition (OCR)
- B. exact data match (EDM)
- C. ML image classifier
- D. document fingerprinting
正解:C
解説:
Explanation
To block any screenshots from being uploaded, the engineering firm should use the ML image classifier feature of Netskope DLP. This feature uses machine learning to detect sensitive information within images, such as screenshots, whiteboards, passports, driver's licenses, etc. The firm can create a DLP policy that blocks any image upload that matches the screenshot classifier. This will prevent employees from circumventing the DLP controls by taking screenshots of sensitive documents. References: Improved DLP Image Classifiers, Netskope Data Loss Prevention, The Importance of a Machine Learning-Based Source Code Classifier
質問 # 50
Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?
- A. Real-time Protection policies
- B. client configuration
- C. SSL decryption policies
- D. steering configuration
正解:B
解説:
Explanation
DTLS (Datagram Transport Layer Security) is a protocol that provides secure communication over UDP. It is an option that can be enabled in the client configuration settings in the Netskope tenant. Enabling DTLS can improve the performance of the Netskope client, especially in high latency or packet loss scenarios. DTLS is not related to Real-time Protection policies, SSL decryption policies, or steering configuration, which are different configuration elements in the Netskope tenant. References: Client Configuration Settings 3, Netskope Client Performance 4
質問 # 51
You are implementing tenant access security and governance controls for privileged users. You want to start with controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration.
Which three access controls would you use in this scenario? (Choose three.)
- A. Applying predefined or custom roles to limit the admin's access to only those functions required for their job.
- B. Login attempts to set the number of failed attempts before the admin user is locked out of the Ul.
- C. Multi-factor authentication to verify a user's authenticity.
- D. History-based access control based on past security actions.
- E. IP allowlisting to control access based upon source IP addresses.
正解:A、B、E
解説:
Explanation
To implement tenant access security and governance controls for privileged users, you can use the following access controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration:
IP allowlisting to control access based upon source IP addresses. This allows you to specify the IP addresses that are allowed to access your Netskope tenant2. This can prevent unauthorized access from unknown or malicious sources.
Login attempts to set the number of failed attempts before the admin user is locked out of the UI. This allows you to configure how many times an admin can enter an incorrect password before being locked out for a specified period of time3. This can prevent brute-force attacks or password guessing attempts.
Applying predefined or custom roles to limit the admin's access to only those functions required for their job. This allows you to assign different levels of permissions and access rights to different admins based on their roles and responsibilities4. This can enforce the principle of least privilege and reduce the risk of misuse or abuse of admin privileges. Therefore, options A, B, and C are correct and the other options are incorrect. References: Secure Tenant Configuration and Hardening - Netskope Knowledge Portal, Admin Settings - Netskope Knowledge Portal, Create Roles - Netskope Knowledge Portal
質問 # 52
Your company needs to keep quarantined files that have been triggered by a DLP policy. In this scenario, which statement Is true?
- A. The files are stored In the Cloud provider assigned In the Quarantine profile.
- B. The files are stored on the administrator console PC assigned In the Quarantine profile.
- C. The files are stored In the Netskope data center assigned in the Quarantine profile.
- D. The files are stofed remotely In your data center assigned In the Quarantine profile.
正解:C
解説:
Explanation
When a policy flags a file to be quarantined, that file is placed in a quarantine folder and a tombstone file is put in the original location in its place. The quarantine folder is located in the Netskope data center assigned in the Quarantine profile. The Quarantine profile is configured in Settings > Threat Protection > API-enabled Protection. The quarantined file is zipped and protected with a password to prevent users from inadvertently downloading the file. Netskope then notifies the admin specified in the profile1. Therefore, option B is correct and the other options are incorrect. References: Quarantine - Netskope Knowledge Portal, Threat Protection - Netskope Knowledge Portal
質問 # 53
......
Netskope NCCSI無料認定試験材料はJPNTestが提供された62問題:https://www.jpntest.com/shiken/NSK200-mondaishu
NSK200問題集完全版問題試験学習ガイド:https://drive.google.com/open?id=1mtqSG1wmFXa_EO4_-tLXEcc6amqaNyWi