100% Pass Guaranteed Free NSK200 Exam Dumps Jun 07, 2025
Verified & Latest NSK200 Dump Q&As with Correct Answers
Netskope NSK200 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
NEW QUESTION # 35
Your customer is concerned aboutmalware in their AWS S3 buckets. What two actions would help with this scenario? (Choose two.)
- A. Enable Threat Protection (Malware Scan) for all of their AWS instances to Identify malware.
- B. Create a real-time policy to block malware uploads to their AWS instances.
- C. Create a threatprofile to quarantine malware in their AWS S3 buckets.
- D. Create an API protection policy to quarantine malware in their AWS S3 buckets.
Answer: A,D
Explanation:
Explanation
To help the customer with the scenario of malware in their AWS S3 buckets, two actions that would help are B: Enable Threat Protection (Malware Scan) for all of their AWS instances to identify malware and C. Create an API protection policy to quarantine malware in their AWS S3 buckets. Threat Protection (Malware Scan) is a feature that allows you to scan files in your cloud services, such as AWS S3, for malware using Netskope's advanced threat protection engine. You can enable Threat Protection (Malware Scan) for all of your AWS instances in the Netskope tenant by going to Settings > Cloud Services > AWS > Threat Protection and selecting the Enable Malware Scan option1. This will help you identify malware in your AWS S3 buckets and generate alerts for further action. An API protection policy is a rule that specifies the actions and notifications that Netskope applies to the data that is already resident in your cloud services, such as AWS S3, based on various criteria. You can create an API protection policy to quarantine malware in your AWS S3 buckets by going to Policies > API Protection > New Policy and selecting the AWS service, the Malware Scan data identifier, and the Quarantine action in the policy page2. This will help you isolate malware in your AWS S3 buckets and prevent it from spreading or being accessed by unauthorized users. Therefore, options B and C are correct andthe other options are incorrect. References: Threat Protection (Malware Scan) - Netskope Knowledge Portal, Add a Policy for API Protection - Netskope Knowledge Portal
NEW QUESTION # 36
Which statement describes a requirement for deploying a Netskope Private Application (NPA) Publisher?
- A. The publisher must be deployed in a public cloud environment, such as AWS.
- B. The publisher's name must match the name of the application process that it will access.
- C. The publisher must be deployed on the network where the private application will be accessed.
- D. The publisher must be deployed in a private data center.
Answer: C
Explanation:
Explanation
The statement that describes a requirement for deploying a Netskope Private Application (NPA) Publisher is C: The publisher must be deployed on the network where the private application will be accessed. A NPA Publisher is a software component that enables Netskope to discover resources that users will connect to via NPA. A NPA Publisher must be deployed on the same network as the private application that it will publish, such as a public cloud environment (AWS, Azure, GCP) or a private data center3. This ensures that the NPA Publisher can communicate with the private application and relay its traffic to the NPA service in the Netskope cloud. Therefore, option C is correct and the other options are incorrect. References: Deploy a Publisher - Netskope Knowledge Portal
NEW QUESTION # 37
Review the exhibit.
You want to create a custom URL category to apply a secure Web gateway policy combining your own list of URLs and Netskope predefined categories.
In this scenario, which task must be completed?
- A. Add the URL list to a Custom category.
- B. Add the URL list to a Real-time Protection policy.
- C. Add the URL list to a Steering configuration.
- D. Add the URL list to the Client configuration.
Answer: A
Explanation:
Explanation
In order to create a custom URL category to apply a secure Web gateway policy combining your own list of URLs and Netskope predefined categories, you must add the URL list to a Customcategory. This is because Netskope allows you to create custom categories that can be used in policies to block or allow access to specific URLs. You can also include or exclude predefined categories and other URL lists in your custom category. To create a custom category, you need to go to Policies > Web > Custom Categories and click New Custom Category. Then you can select the predefined categories and URL lists that you want to include or exclude in your custom category. You also need to give your custom category a name and save it. After creating a custom category, you can apply it to a Real-time Protection policy by selecting it from the Categories dropdown. The other options are not valid tasks for creating a custom URL category. You do not need to add the URL list to the Client configuration, as this is only required for client-side steering methods.
You do not need to add the URL list to a Steering configuration, as this is only required for network-side steering methods. You do not need to add the URL list to a Real-time Protection policy directly, as this will not allow you to combine it with predefined categories. References: Custom Category3, Create Custom Categories
NEW QUESTION # 38
You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.
Which two statements are true in this scenario? (Choose two.)
- A. You must place DLP policies at the bottom.
- B. You must place high-risk block policies at the top.
- C. You do not need to create an "allow all" Web Access policy at the bottom.
- D. You must place Netskope private access malware policies in the middle.
Answer: B,C
Explanation:
To determine proper policy ordering for Netskope Real-time Protection policies, you need to follow these two statements: B. You do not need to create an "allow all" Web Access policy at the bottom. D. You must place high-risk block policies at the top. These statements are based on the best practices for policy ordering recommended by Netskope3. An "allow all" Web Access policy at the bottom is not necessary because any traffic that does not match any policy will be allowed by default. However, you can create a "monitor all" Web Access policy at the bottom if you want to log all the traffic that is not matched by any other policy4.
High-risk block policies at the top are important because they prevent any traffic that poses a serious threat or violates a critical compliance standard from reaching its destination. These policies should have higher priority than other policies that may allow or modify the traffic5. Therefore, options B and D are correct and the other options are incorrect. References: Real-time Protection Policies - Netskope Knowledge Portal, Create a Real-time Protection Policy for Web Categories - Netskope Knowledge Portal, Best Practices:
Real-time Protection Policies (1 of 2) - Netskope
NEW QUESTION # 39
Your team is asked to investigate ten Netskope DLP incidents. You want to assign these incidents among different team members.
- A. Use the Quarantine Incident workflow.
- B. Use the Forensic Incident workflow.
- C. Use your ticketing tool.
- D. Use the DLP Incident workflow.
Answer: D
Explanation:
The DLP Incident workflow in Netskope is specifically designed for managing and investigating DLP incidents. This workflow allows incidents to be assigned to team members, facilitating efficient investigation and resolution of data loss concerns.
NEW QUESTION # 40
After deploying the Netskope client to a number of devices, users report that the Client status indicates
"Admin Disabled". User and gateway information is displayed correctly in the client configuration dialog Why are clients installing in an "Admin Disabled" state in this scenario?
- A. All devices were previously disabled by the administrator.
- B. The user's account has no mail ID attribute In Active Directory.
- C. The user's identity is not synchronized to Netskope.
- D. The user's password was incorrect during enrollment.
Answer: A
Explanation:
Explanation
The Netskope client can be disabled by the administrator from the Netskope console. This is useful for troubleshooting or maintenance purposes. When the client is disabled by the administrator, it shows the status as "Admin Disabled" and does not apply any policies or steer any traffic. The user cannot enable the client unless the administrator enables it from the console. The other options are not valid reasons for the client to be in an "Admin Disabled" state. References: Netskope Client Status 1, Enable or Disable Netskope Client 2
NEW QUESTION # 41
Review the exhibit.
You are asked to restrict users from accessing YouTube content tagged as Sport. You created the required real-time policy; however, users can still access the content Referring to the exhibit, what is the problem?
- A. The website is in a steering policy exception.
- B. The policy changes have not been applied.
- C. The traffic matched a Do Not Decrypt policy
- D. The YouTube content cannot be controlled.
Answer: C
Explanation:
Explanation
The problem in this scenario is that the traffic matched a Do Not Decrypt policy. A Do Not Decrypt policy is a rule that specifies the traffic that you want to leave encrypted and not further analyzed by Netskope via the Real-time Protection policies1. In the exhibit, we can see that the traffic from the user to YouTube has a
"Bypass Traffic" value of "yes" and a "Netskope" value of "yes". This means that the traffic was steered to Netskope but not decrypted or inspected2. Therefore, the real-time policy that was created to restrict users from accessing YouTube content tagged as Sport did not apply, and users could still access the content. To solve this problem, you need to either remove or modify the Do Not Decrypt policy that matches the traffic to YouTube, or create an exception for the Sport category in the policy3. Therefore, option D is correct and the other options are incorrect. References: Page Events - Netskope Knowledge Portal, Add a Policy for SSL Decryption - Netskope Knowledge Portal, YouTube Content Control - Netskope Knowledge Portal
NEW QUESTION # 42
Recently your company implemented Zoom for collaboration purposes and you are attempting to inspect the traffic with Netskope. Your initial attempt reveals that you are not seeing traffic from the Zoom client that is used by all users. You must ensure that this traffic is visible to Netskope.
In this scenario, which two steps must be completed to satisfy this requirement? (Choose two.)
- A. Create a steering exception for Zoom to ensure traffic is reaching Netskope.
- B. Remove the default steering exception for the Web Conferencing Category.
- C. Create a Do Not Decrypt SSL policy for the Zoom application suite.
- D. Remove the Zoom certificate-pinned application from the default steering configuration.
Answer: B,D
Explanation:
To ensure that the traffic from the Zoom client is visible to Netskope, you need to remove the Zoom certificate-pinned application from the default steering configuration and remove the default steering exception for the Web Conferencing Category. A certificate-pinned application is an application that validates the server certificates against the hardcoded ones in the application. This is a security technique used to prevent man-in-the-middle attacks and secure access to the application. By default, Netskope bypasses the traffic from certificate-pinned applications and does not decrypt or inspect it3. Zoom is one of the predefined certificate-pinned applications that Netskope supports4. To enable Netskope to inspect the traffic from Zoom, you need to remove it from the steering configuration that applies to your users5. Additionally, you need to remove the default steering exception for the Web Conferencing Category, which includes Zoom and other similar applications. A steering exception is a rule that specifies the traffic that you want to bypass Netskope and go directly to the destination6. By removing this exception, you allow Netskope to steer and analyze the traffic from web conferencing applications. Therefore, options C and D are correct and the other options are incorrect. References: Certificate Pinned Applications - Netskope Knowledge Portal, Certificate Pinned App (CPA) - The Netskope Community, Steering Configuration - Netskope Knowledge Portal, Steering Exceptions - Netskope Knowledge Portal
NEW QUESTION # 43
Your customer has some managed Windows-based endpoints where they cannot add any clients or agents. For their users to have secure access to their SaaS application, you suggest that the customer use Netskope's Explicit Proxy.
Which two configurations are supported for this use case? (Choose two.)
- A. Endpoints can be configured to use a Proxy Auto Configuration (PAC) file.
- B. Endpoints must have separate steering configurations in the tenant settings.
- C. Endpoints must be configured in the device section of the tenant to interoperate with all proxies.
- D. Endpoints can be configured to directly use the Netskope proxy.
Answer: A,D
Explanation:
Explanation
For the use case of managed Windows-based endpoints where no clients or agents can be added, you can suggest that the customer use Netskope's Explicit Proxy. Explicit Proxy is a method for steering traffic from any device to the Netskope Cloud using a proxy server. There are two supported configurations for this use case: Endpoints can be configured to directly use the Netskope proxy by setting the proxy settings in the browser or the operating system to point to the explicit proxy destination provided by Netskope. Endpoints can be configured to use a Proxy Auto Configuration (PAC) file by downloading a PAC file template from Netskope and modifying it according to the customer's needs. The PAC file can be hosted on-premises or on the cloud and distributed to the endpoints. The other options are not valid for this use case. Endpoints do not need separate steering configurations in the tenant settings, as they can use the same explicit proxy destination and port. Endpoints do not need to be configured in the device section of the tenant to interoperate with all proxies, as this is only required for reverse proxy mode. References: Explicit Proxy3, [Explicit Proxy over IPSec and GRE Tunnels]
NEW QUESTION # 44
A customer wants to deploy the Netskope client on all their employee laptops to protect all Web traffic when users are working from home. However, users are required to work from their local offices at least one day per week. Management requests that users returning to the office be able to transparently leverage the local security stack without any user intervention.
Which two statements are correct in this scenario? (Choose two.)
- A. You must enable On-premises Detection in the client configuration.
- B. You must allow users to unenroll In the client configuration.
- C. You must disable Dynamic Steering in the traffic steering profile.
- D. You must configure IPsec/GRE tunnels on the local network to steer traffic to Netskope.
Answer: A,C
Explanation:
To allow users to transparently leverage the local security stack when they return to the office, you need to follow these two statements: A. You must enable On-premises Detection in the client configuration and C.
You must disable Dynamic Steering in the traffic steering profile. On-premises Detection is a feature that allows the Netskope client to detect whether it is on-premises or off-premises based on a DNS or HTTP probe. You need to enable On-premises Detection in the client configuration and specify a domain name or an HTTP address that is only accessible from your local network3. Dynamic Steering is a feature that allows you to steer different types of traffic differently based on various criteria such as user group, location, category, etc. You need to disable Dynamic Steering in the traffic steering profile or create an exception for your local network to bypass Netskope and use your local security stack4. Therefore, options A and C are correct and the other options are incorrect. References: Client Configuration - Netskope Knowledge Portal, Dynamic Steering
- Netskope Knowledge Portal
NEW QUESTION # 45
Your small company of 10 people wants to deploy the Netskope client to all company users without requiring users to be imported using Active Directory, LDAP, or an IdP.
- A. Deploy the Netskope client using an email invitation.
- B. Deploy the Netskope client using SCCM.
- C. Deploy the Netskope client using Microsoft GPO.
- D. Deploy the Netskope client using JAMF.
Answer: A
Explanation:
Deploying the Netskope client using an email invitation allows smaller companies to onboard users easily without relying on integration with AD, LDAP, or an IdP. This method is efficient for smaller teams that need a quick deployment without complex setup.
NEW QUESTION # 46
You are provisioning Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant. In this scenario, which two Netskope components should you verify first In Okta for accuracy?
(Choose two.)
- A. SCIM server URL
- B. OAuth token
- C. IdP Entity ID
- D. Netskope SAML certificate
Answer: A,B
Explanation:
To provision Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant, the two Netskope components that you should verify first in Okta for accuracy are B. OAuth token and D.
SCIM server URL. The OAuth token is a credential that allows Okta to authenticate with the Netskope SCIM server and perform user provisioning operations4. The SCIM server URL is the endpoint that Okta uses to communicate with the Netskope SCIM server and send user data5. Both of these components must be configured correctly in Okta for the SCIM Provisioning to work. You can find them in the Netskope UI under Settings > Tools > Directory Tools > SCIM Integration6. Therefore, options B and D are correct and the other options are incorrect. References: SCIM-Based User Provisioning - Netskope Knowledge Portal, Netskope + Okta Use Case: Provisioning Users and Managing Groups Using SCIM - Netskope, Netskope Partner Okta - Netskope
NEW QUESTION # 47
Your organization has three main locations with 30.000 hosts in each location. You are planning to deploy Netskope using iPsec tunnels for security.
What are two considerations to make a successful connection in this scenario? (Choose two.)
- A. operating systems
- B. redundant POPs
- C. number of hosts
- D. browsers in use
Answer: B,C
Explanation:
To deploy Netskope using IPSec tunnels for security in this scenario, two considerations to make a successful connection are C. redundant POPs and D. number of hosts. Redundant POPs are Points of Presence that are geographically distributed data centers that host the Netskope cloud platform. You need to consider redundant POPs to ensure high availability and resiliency of your IPSec tunnels in case of a failure or outage in one of the POPs. You can configure multiple IPSec tunnels from your network to different POPs and use dynamic routing protocols such as BGP to load balance and failover the traffic1. Number of hosts is the number of devices or endpoints that will use the IPSec tunnels to access the cloud services. You need to consider the number of hosts to estimate the bandwidth and throughput requirements of your IPSec tunnels and choose the appropriate POPs that can handle the traffic volume. You can use the Netskope Bandwidth Calculator tool to estimate the bandwidth and throughput based on the number of hosts, locations, and cloud services2.
Therefore, options C and D are correct and the other options are incorrect. References: IPSec - Netskope Knowledge Portal, Netskope Bandwidth Calculator
NEW QUESTION # 48
Review the exhibit.
You are troubleshooting a Netskope client for user Clarke which remains in a disabled state after being installed. After looking at various logs, you notice something which might explain the problem. The exhibit is an excerpt from the nsADImporterLog.log.
Referring to the exhibit, what is the problem?
- A. The client was not Installed with administrative privileges.
- B. The Active Directory user is not synchronized to the Netskope tenant.
- C. The client traffic is decrypted by a network security device.
- D. This is normal; it might take up to an hour to be enabled.
Answer: B
Explanation:
The problem is B. The Active Directory user is not synchronized to the Netskope tenant. This is evident from the log message "WARNING No mail ID for the user: Clarke, Daxmeifield, DC=local, skipping use". This means that the user Clarke does not have a valid email address in the Active Directory, which is required for the Netskope client to work. The Netskope client uses the email address of the user to authenticate and enable the client. Therefore, option B is correct and the other options are incorrect.
NEW QUESTION # 49
You want to secure Microsoft Exchange and Gmail SMTP traffic for DLP using Netskope. Which statement is true about this scenario when using the Netskope client?
- A. Enable Cloud Firewall to Inspect Inbound SMTP traffic for Microsoft Exchange and Gmail.
- B. Netskope can inspect inbound and outbound SMTP traffic for Microsoft Exchange and Gmail.
- C. Netskope can inspect outbound SMTP traffic for Microsoft Exchange and Gmail.
- D. Enable REST API v2 to Inspect inbound SMTP traffic for Microsoft Exchange and Gmail.
Answer: C
Explanation:
Netskope can inspect outbound SMTP traffic for Microsoft Exchange and Gmail using the Netskope client.
The Netskope client intercepts the SMTP traffic from the user's device and forwards it to the Netskope cloud for DLP scanning. The Netskope client does not inspect inbound SMTP traffic, as this is handled by the cloud email service or the MTA. Therefore, option A is correct and the other options are incorrect. References: Configure Netskope SMTP Proxy with Microsoft O365 Exchange, Configure Netskope SMTP Proxy with Gmail, SMTP DLP, Best Practices for Email Security with SMTP proxy
NEW QUESTION # 50
You are troubleshooting an issue with Microsoft where some users complain about an issue accessing OneDrive and SharePoint Online. The configuration has the Netskope client deployed and active for most users, but some Linux machines are routed to Netskope using GRE tunnels. You need to disable inspection for all users to begin troubleshooting the issue.
In this scenario, how would you accomplish this task?
- A. Create a Do Not Decrypt SSL policy for OneDrive.
- B. Create a steering exception for the Microsoft 365 domains.
- C. Create a Real-time Protection policy to isolate Microsoft 365.
- D. Create a Do Not Decrypt SSL policy for the Microsoft 365 App Suite.
Answer: D
Explanation:
To disable inspection for all users accessing Microsoft 365, you need to create a Do Not Decrypt SSL policy for the Microsoft 365 App Suite. This policy will prevent Netskope from decrypting and analyzing the traffic for any Microsoft 365 app, regardless of the access method (Netskope client or GRE tunnel)3. This policy will also allow SNI-based policies to apply, but no deep analysis performed via Real-time Protection policies4. Therefore, option B is correct and the other options are incorrect. References: Add a Policy for SSL Decryption - Netskope Knowledge Portal, Default Microsoft appsuite SSL do not decrypt rule - Netskope Community
NEW QUESTION # 51
Review the exhibit.
You want to discover new cloud applications in use within an organization.
Referring to the exhibit, which three methods would accomplish this task? (Choose three.)
- A. Use forward proxy steering methods to direct cloud traffic to Netskope
- B. View "All Apps" within the Cloud Confidence Index (CCI) In the Netskope Ul.
- C. Deploy an On-Premises Log Parser (OPLP).
- D. Upload firewall or proxy logs directly into the Netskope platform.
- E. Set up API-enabled Protection instances for SaaS applications.
Answer: A,C,D
Explanation:
Explanation
To discover new cloud applications in use within an organization, three methods that would accomplish this task are B. Deploy an On-Premises Log Parser (OPLP), C. Use forward proxy steering methods to direct cloud traffic to Netskope, and E. Upload firewall or proxy logs directlyinto the Netskope platform. An On-Premises Log Parser (OPLP) is a software component that allows you to parse logs from your on-premises firewall or proxy devices and send them to the Netskope cloud for analysis and reporting. You can deploy an OPLP on a Linux server in your network and configure it to connect to your log sources and upload logs periodically or in real time3. A forward proxy steering method is a way of directing your web traffic from your users' devices or browsers to the Netskope cloud for inspection and policy enforcement. You can use forward proxy steering methods such as PAC file, VPN, or inline proxy to steer traffic to Netskope and discover new cloud applications in use4. Uploading firewall or proxy logs directly into the Netskope platform is a way of manually sending logs from your log sources to the Netskope cloud for analysis and reporting. You can upload firewall or proxy logs directly into the Netskope platform by going to SkopeIT > Settings > Log Upload > New Log Upload and selecting the log source type, file format, log file, and time zone5. Therefore, options B, C, and E are correct and the other options are incorrect. References: On-Premises Log Parser - Netskope Knowledge Portal, Traffic Steering - Netskope Knowledge Portal, Upload Firewall or Proxy Logs Directly into the Platform - Netskope Knowledge Portal
NEW QUESTION # 52
Which statement describes how Netskope's REST API, v1 and v2, handles authentication?
- A. REST API v1 requires the use of a token to make calls to the API. while API v2 does not.
- B. Both REST API v1 and v2 require the use of tokens to make calls to the API
- C. Neither REST API v1 nor v2 require the use of tokens.
- D. REST API v2 requires the use of a token to make calls to the API. while API vl does not.
Answer: B
Explanation:
The statement that describes how Netskope's REST API, v1 and v2, handles authentication is A. Both REST API v1 and v2 require the use of tokens to make calls to the API. A token is a unique string that identifies the user or application that is making the API request. The token must be included in the HTTP header of every API call as an authorization parameter1. The token can be generated from the Netskope UI or from the Netskope Platform API2. The token can also be revoked or refreshed as needed3. Therefore, option A is correct and the other options are incorrect. References: REST API v1 Overview - Netskope Knowledge Portal, Netskope Platform API Endpoints for REST API v1 - Netskope Knowledge Portal, REST API v2 Overview - Netskope Knowledge Portal
NEW QUESTION # 53
You are asked to grant access for a group of users to an application using NPA. So far, you have created and deployed the publisher and created a private application using the Netskope console.
Which two steps must also be completed to enable your users access to the application? (Choose two.)
- A. Define an application instance name in Skope IT.
- B. Enable traffic steering for private applications.
- C. Create a Real-time Protection policy that allows your users to access the application.
- D. Create an inbound firewall rule to permit network traffic to reach the publisher
Answer: B,C
Explanation:
To enable your users access to the application using NPA, you need to complete these two steps: B. Enable traffic steering for private applications and C. Create a Real-time Protection policy that allows your users to access the application. Traffic steering is the process of directing the user's traffic to the Netskope cloud platform for inspection and policy enforcement. You need to enable traffic steering for private applications in your traffic steering profile to allow the Netskope client to tunnel the traffic to the private application through the Netskope cloud1. A Real-time Protection policy is a rule that specifies the actions and notifications that Netskope applies to the user's traffic based on various criteria. You need to create a Real-time Protection policy that allows your users to access the private application by selecting the application name, the user group, and the allow action in the policy page2. Therefore, options B and C are correct and the other options are incorrect. References: Traffic Steering Profile - Netskope Knowledge Portal, Add a Policy for Real-time Protection - Netskope Knowledge Portal
NEW QUESTION # 54
Your customer has deployed the Netskope client to secure their Web traffic. Recently, they have enabled Cloud Firewall (CFW) to secure all outbound traffic for their endpoints. Through a recent acquisition, they must secure all outbound traffic at several remote offices where they have access to the local security stack (routers and firewalls). They cannot install the Netskope client.
- A. They can secure the targeted outbound traffic using Netskope's Cloud Threat Exchange (CTE).
- B. They can deploy Netskope's DPOP to steer the targeted traffic to the Netskope Security Cloud.
- C. They can use IPsec and GRE tunnels with Cloud Firewall.
- D. They can configure Reverse Proxy integrated with their IdP.
Answer: C
Explanation:
The correct solution is to use IPsec and GRE tunnels with Cloud Firewall. Netskope Cloud Firewall supports secure tunneling methods such as IPsec and GRE, enabling companies to steer traffic to the Netskope Security Cloud without requiring the Netskope client. This is particularly useful when endpoint installation of the client is not feasible, such as in remote offices where network infrastructure like routers and firewalls are available.
NEW QUESTION # 55
Your company needs to keep quarantined files that have been triggered by a DLP policy. In this scenario, which statement Is true?
- A. The files are stored on the administrator console PC assigned In the Quarantine profile.
- B. The files are stored In the Netskope data center assigned in the Quarantine profile.
- C. The files are stored In the Cloud provider assigned In the Quarantine profile.
- D. The files are stofed remotely In your data center assigned In the Quarantine profile.
Answer: B
Explanation:
When a policy flags a file to be quarantined, that file is placed in a quarantine folder and a tombstone file is put in the original location in its place. The quarantine folder is located in the Netskope data center assigned in the Quarantine profile. The Quarantine profile is configured in Settings > Threat Protection > API-enabled Protection. The quarantined file is zipped and protected with a password to prevent users from inadvertently downloading the file. Netskope then notifies the admin specified in the profile1. Therefore, option B is correct and the other options are incorrect. References: Quarantine - Netskope Knowledge Portal, Threat Protection - Netskope Knowledge Portal
NEW QUESTION # 56
Your customer implements Netskope Secure Web Gateway to secure all Web traffic. While they have created policies to block certain categories, there are many new sites available dally that are not yet categorized. The customer's users need quick access and cannot wait to put in a request to gain access requiring a policy change or have the site's category changed.
To solve this problem, which Netskope feature would provide quick, safe access to these types of sites?
- A. Netskope SaaS Security Posture Management (SSPM)
- B. Netskope Continuous Security Assessment (CSA)
- C. Netskope Cloud Firewall (CFW)
- D. Netskope Remote Browser Isolation (RBI)
Answer: D
Explanation:
To solve the problem of providing quick, safe access to uncategorized and risky websites, the Netskope feature that the customer should use is Netskope Remote Browser Isolation (RBI). Netskope RBI is a part of the Netskope Secure Web Gateway offering that intercepts a user's browsing session to a website, acting as a proxy that fetches the content for that user and renders the content in an isolated browsing instance. The rendered content is delivered to the user's browser as a safe stream of pixels. This safely silos the end user's device and the enterprise network and systems, separating it from their browsing activity and restricting the ability of an attacker to establish control and / or breach other systems and exfiltrate data1. Netskope RBI can be easily invoked with an 'isolate' policy action within the Netskope Security Cloud for any website category or domain2. Therefore, option B is correct and the other options are incorrect. References: Remote Browser Isolation - Netskope Knowledge Portal, Netskope Remote Browser Isolation - Netskope
NEW QUESTION # 57
......
Latest NSK200 dumps - Instant Download PDF: https://examcollection.actualcollection.com/NSK200-exam-questions.html