Practice Free NSK101 Exam Online Questions
Question #1
What are two correct methods to gather logs from the Netskope Client? (Choose two.)
- A . From the Netskope Console in the device detail view, select Collect Log.
- B . Right-click on the Netskope task tray icon and click Save Logs…
- C . Open the Netskope Client application and click the Advanced Debugging button.
- D . Search for the systeminfo.log file in Explorer and submit the results.
Correct Answer: A, B
A, B
Explanation:
From the Netskope Console in the device detail view, select Collect Log:
Step 1: Access the Netskope Admin Console.
Step 2: Navigate to the specific device detail view.
Step 3: Locate and select the "Collect Log" option.
Reference: This method is described in the Netskope documentation under device management and log collection sections.
Right-click on the Netskope task tray icon and click Save Logs…:
Step 1: Go to the device running the Netskope Client.
Step 2: Locate the Netskope icon in the task tray.
Step 3: Right-click on the Netskope icon.
Step 4: Select "Save Logs…" from the context menu.
Reference: This method is commonly described in user guides for collecting logs locally from client applications.
Reference: Netskope Knowledge Portal: Detailed guides on collecting logs via the Netskope Console and client applications.
A, B
Explanation:
From the Netskope Console in the device detail view, select Collect Log:
Step 1: Access the Netskope Admin Console.
Step 2: Navigate to the specific device detail view.
Step 3: Locate and select the "Collect Log" option.
Reference: This method is described in the Netskope documentation under device management and log collection sections.
Right-click on the Netskope task tray icon and click Save Logs…:
Step 1: Go to the device running the Netskope Client.
Step 2: Locate the Netskope icon in the task tray.
Step 3: Right-click on the Netskope icon.
Step 4: Select "Save Logs…" from the context menu.
Reference: This method is commonly described in user guides for collecting logs locally from client applications.
Reference: Netskope Knowledge Portal: Detailed guides on collecting logs via the Netskope Console and client applications.
Question #2
Your company has implemented Netskope’s Cloud Firewall and requires that all FTP connections are blocked regardless of the ports being used.
Which two statements correctly identify how to block FTP access? (Choose two.)
- A . Create a Real-time Protection policy with FTP as the destination application and Block as the action.
- B . Create a Real-time Protection policy with a custom Firewall App Definition for TCP port 21 as the destination application and Block as the action.
- C . Ensure there are no Real-time Protection polices that allow FTP and change the default non-Web action to Block.
- D . Create a custom Firewall App Definition for TCP port 21 and add it to the default tenant Steering Configuration as an exception.
Correct Answer: A, B
A, B
Explanation:
To block all FTP connections regardless of the ports being used, the following steps should be taken using Netskope’s Cloud Firewall:
Real-time Protection Policy:
Create a Real-time Protection policy where FTP is defined as the destination application.
Set the action to "Block" to ensure that any FTP traffic is blocked regardless of the port being used.
Custom Firewall App Definition:
Create a custom Firewall App Definition specifically for TCP port 21.
Define the action as "Block" to ensure any traffic directed to this port is blocked, preventing FTP access.
These configurations ensure that FTP traffic is effectively blocked, securing the network from potential threats and unauthorized data transfers via FTP.
A, B
Explanation:
To block all FTP connections regardless of the ports being used, the following steps should be taken using Netskope’s Cloud Firewall:
Real-time Protection Policy:
Create a Real-time Protection policy where FTP is defined as the destination application.
Set the action to "Block" to ensure that any FTP traffic is blocked regardless of the port being used.
Custom Firewall App Definition:
Create a custom Firewall App Definition specifically for TCP port 21.
Define the action as "Block" to ensure any traffic directed to this port is blocked, preventing FTP access.
These configurations ensure that FTP traffic is effectively blocked, securing the network from potential threats and unauthorized data transfers via FTP.
Question #3
An administrator has created a DLP rule to search for text within documents that match a specific pattern. After creating a Real-time Protection Policy to make use of this DLP rule, the administrator suspects the rule is generating false positives.
Within the Netskope tenant, which feature allows administrators to review the data that was matched by the DLP rule?
- A . Risk Insights
- B . Forensic
- C . Quarantine
- D . Leaal Hold
Correct Answer: B
B
Explanation:
When an administrator suspects that a DLP rule is generating false positives, the Forensic feature within the Netskope tenant allows for reviewing the data that was matched by the DLP rule. This feature provides detailed logs and insights into why a specific piece of data was flagged, enabling the administrator to analyze and adjust the rule as needed.
To access and use the Forensic feature:
Navigate to the Forensic section in the Netskope UI.
Review the detailed logs and matched data to understand the context and reason behind each match.
Adjust the DLP rules if necessary to reduce false positives and improve accuracy.
Reference: Netskope REST API Overview.
Netskope SDK Documentation.
B
Explanation:
When an administrator suspects that a DLP rule is generating false positives, the Forensic feature within the Netskope tenant allows for reviewing the data that was matched by the DLP rule. This feature provides detailed logs and insights into why a specific piece of data was flagged, enabling the administrator to analyze and adjust the rule as needed.
To access and use the Forensic feature:
Navigate to the Forensic section in the Netskope UI.
Review the detailed logs and matched data to understand the context and reason behind each match.
Adjust the DLP rules if necessary to reduce false positives and improve accuracy.
Reference: Netskope REST API Overview.
Netskope SDK Documentation.
Question #4
Your customer asks you to secure all Web traffic as part of the initial configuration.
In the Netskope platform, which statement is correct in this scenario?
- A . Add the all Web traffic option to the steering configuration.
- B . Netskope automatically steers all Web traffic.
- C . Netskope cannot steer Web traffic.
- D . Select all Web traffic in the SSL decryption section.
Correct Answer: A
A
Explanation:
To secure all web traffic as part of the initial configuration in the Netskope platform, you need to:
Add the all Web traffic option to the steering configuration: This ensures that all web traffic is routed through Netskope for inspection and policy enforcement. By steering all web traffic, you enable Netskope to apply security measures, such as SSL decryption, threat protection, and DLP, to all HTTP and HTTPS traffic.
Netskope does not automatically steer all web traffic by default; it requires configuration in the steering policies. Selecting all web traffic in the SSL decryption section only pertains to decrypting traffic, not the actual steering of the traffic.
Reference: Netskope documentation on configuring steering settings and policies.
Guidelines for setting up web traffic steering and SSL decryption in the Netskope platform.
A
Explanation:
To secure all web traffic as part of the initial configuration in the Netskope platform, you need to:
Add the all Web traffic option to the steering configuration: This ensures that all web traffic is routed through Netskope for inspection and policy enforcement. By steering all web traffic, you enable Netskope to apply security measures, such as SSL decryption, threat protection, and DLP, to all HTTP and HTTPS traffic.
Netskope does not automatically steer all web traffic by default; it requires configuration in the steering policies. Selecting all web traffic in the SSL decryption section only pertains to decrypting traffic, not the actual steering of the traffic.
Reference: Netskope documentation on configuring steering settings and policies.
Guidelines for setting up web traffic steering and SSL decryption in the Netskope platform.
Question #5
Your company started deploying the latest version of the Netskope Client and you want to track the progress and device count using Netskope.
Which two statements are correct in this scenario? (Choose two.)
- A . Use Netskope Digital Experience Management to monitor the status.
- B . Use the Devices page under Settings to view and filter the required data.
- C . Review the Group definitions under Settings to determine the number of deployed clients.
- D . Review the Steering Configuration to determine the number of deployed clients.
Correct Answer: A, B
A, B
Explanation:
To track the progress and device count of the latest Netskope Client deployment, you can use the following methods:
Use Netskope Digital Experience Management to monitor the status:
Netskope Digital Experience Management (DEM) provides visibility into the performance and status of applications and devices. You can use this tool to monitor the deployment status and ensure that the new client version is being deployed correctly across the organization.
Use the Devices page under Settings to view and filter the required data:
The Devices page in the Netskope console provides detailed information about all devices managed by Netskope. You can filter this data to view the specific deployment status of the latest Netskope Client version, helping you track the progress and identify any issues.
Reference: Netskope Knowledge Portal: Digital Experience Management
Netskope Knowledge Portal: Devices Page
A, B
Explanation:
To track the progress and device count of the latest Netskope Client deployment, you can use the following methods:
Use Netskope Digital Experience Management to monitor the status:
Netskope Digital Experience Management (DEM) provides visibility into the performance and status of applications and devices. You can use this tool to monitor the deployment status and ensure that the new client version is being deployed correctly across the organization.
Use the Devices page under Settings to view and filter the required data:
The Devices page in the Netskope console provides detailed information about all devices managed by Netskope. You can filter this data to view the specific deployment status of the latest Netskope Client version, helping you track the progress and identify any issues.
Reference: Netskope Knowledge Portal: Digital Experience Management
Netskope Knowledge Portal: Devices Page
Question #6
You just deployed the Netskope client in Web mode and several users mention that their messenger application is no longer working. Although you have a specific real-time policy that allows this application, upon further investigation you discover that it is using proprietary encryption. You need to permit access to all the users and maintain some visibility.
In this scenario, which configuration change would accomplish this task?
- A . Change the real-time policy to block the messenger application.
- B . Create a new custom cloud application using the custom connector that can be used in the real-time policy.
- C . Add a policy in the SSL decryption section to bypass the messenger domain(s).
- D . Edit the steering configuration and add a steering exception for the messenger application.
Correct Answer: C
C
Explanation:
In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility.
Reference: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 4: Decryption Policy.
C
Explanation:
In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility.
Reference: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 4: Decryption Policy.
Question #7
You are creating a real-time policy for cloud applications.
In addition to users, groups, and organizational units, which two source criteria would support this scenario? (Choose two.)
- A . protocol version
- B . access method
- C . browser version
- D . device classification
Correct Answer: BD
BD
Explanation:
When creating a real-time policy for cloud applications, you can use access method and device classification as source criteria, in addition to users, groups, and organizational units. Access method refers to how the user accesses the cloud application, such as browser, sync client, mobile app, etc. Device classification refers to the type of device used by the user, such as managed or unmanaged, Windows or Mac, etc. These criteria can help you define granular policies based on different scenarios and risks.
Reference: [Creating Real-Time Policies for Cloud Applications]
BD
Explanation:
When creating a real-time policy for cloud applications, you can use access method and device classification as source criteria, in addition to users, groups, and organizational units. Access method refers to how the user accesses the cloud application, such as browser, sync client, mobile app, etc. Device classification refers to the type of device used by the user, such as managed or unmanaged, Windows or Mac, etc. These criteria can help you define granular policies based on different scenarios and risks.
Reference: [Creating Real-Time Policies for Cloud Applications]
Question #8
Which three statements about Netskope Private Access Publishers are correct? (Choose three.)
- A . Publishers can run on Windows or Linux servers.
- B . Publishers can be deployed in both private data centers and public cloud providers to provide access to applications across disparate locations.
- C . Publisher deployment can be automated in public cloud environments using Netskope’s REST API.
- D . Publishers only make outbound connections to the Netskope Security Cloud which reduces the amount of public exposure.
- E . Publishers can be deployed as hardware or software appliances to provide access to applications across disparate locations.
Correct Answer: ABD
ABD
Explanation:
The following statements about Netskope Private Access Publishers are correct:
Publishers can run on Windows or Linux servers:
Publishers are versatile and can be installed on both Windows and Linux operating systems.
Publishers can be deployed in both private data centers and public cloud providers to provide access to applications across disparate locations:
This flexibility allows organizations to use Publishers to connect applications hosted in various environments, ensuring seamless access across locations.
Publishers only make outbound connections to the Netskope Security Cloud which reduces the amount of public exposure:
By making only outbound connections, Publishers minimize the attack surface, enhancing security by reducing public exposure.
Reference: Netskope Private Access Deployment Guide
Netskope REST API v2 Overview
ABD
Explanation:
The following statements about Netskope Private Access Publishers are correct:
Publishers can run on Windows or Linux servers:
Publishers are versatile and can be installed on both Windows and Linux operating systems.
Publishers can be deployed in both private data centers and public cloud providers to provide access to applications across disparate locations:
This flexibility allows organizations to use Publishers to connect applications hosted in various environments, ensuring seamless access across locations.
Publishers only make outbound connections to the Netskope Security Cloud which reduces the amount of public exposure:
By making only outbound connections, Publishers minimize the attack surface, enhancing security by reducing public exposure.
Reference: Netskope Private Access Deployment Guide
Netskope REST API v2 Overview
Question #9
When using an out-of-band API connection with your sanctioned cloud service, what are two capabilities available to the administrator? (Choose two.)
- A . to quarantine malware
- B . to find sensitive content
- C . to block uploads
- D . to allow real-time access
Correct Answer: AB
AB
Explanation:
When using an out-of-band API connection with your sanctioned cloud service, two capabilities available to the administrator are: to quarantine malware and to find sensitive content. An out-of-band API connection is a method of integrating Netskope with your cloud service provider using the APIs exposed by the cloud service. This allows Netskope to access the data that is already stored in the cloud service and perform retrospective inspection and enforcement of policies. One capability that the administrator can use with an out-of-band API connection is to quarantine malware. This means that Netskope can scan the files in the cloud service for malware, ransomware, phishing, and other threats, and move them to a quarantine folder or delete them if they are found to be malicious. Another capability that the administrator can use with an out-of-band API connection is to find sensitive content. This means that Netskope can scan the files in the cloud service for sensitive data, such as personal information, intellectual property, or regulated data, and apply data loss prevention (DLP) policies to protect them. For example, Netskope can encrypt, redact, or watermark the files that contain sensitive content, or notify the administrator or the file owner about the exposure.
Reference: Netskope API ProtectionReal-time Control and Data Protection via Out-of-Band API
AB
Explanation:
When using an out-of-band API connection with your sanctioned cloud service, two capabilities available to the administrator are: to quarantine malware and to find sensitive content. An out-of-band API connection is a method of integrating Netskope with your cloud service provider using the APIs exposed by the cloud service. This allows Netskope to access the data that is already stored in the cloud service and perform retrospective inspection and enforcement of policies. One capability that the administrator can use with an out-of-band API connection is to quarantine malware. This means that Netskope can scan the files in the cloud service for malware, ransomware, phishing, and other threats, and move them to a quarantine folder or delete them if they are found to be malicious. Another capability that the administrator can use with an out-of-band API connection is to find sensitive content. This means that Netskope can scan the files in the cloud service for sensitive data, such as personal information, intellectual property, or regulated data, and apply data loss prevention (DLP) policies to protect them. For example, Netskope can encrypt, redact, or watermark the files that contain sensitive content, or notify the administrator or the file owner about the exposure.
Reference: Netskope API ProtectionReal-time Control and Data Protection via Out-of-Band API
Question #10
A new customer is concerned about performance, especially with respect to Microsoft 365. They have offices in 20 countries around the world and their workforce is mostly mobile.
In this scenario, which two statements about NewEdge would align with the customer’s requirements? (Choose two.)
- A . NewEdge accurately identifies Microsoft 365 violations and data risks.
- B . NewEdge provides advanced public cloud infrastructure security.
- C . NewEdge provides direct peering with Microsoft in every data center.
- D . NewEdge delivers a single, unified network with all services available in all locations worldwide.
Correct Answer: C, D
C, D
Explanation:
NewEdge is Netskope’s security private cloud, offering high-performance, low-latency access to the internet and cloud services.
For a customer concerned about performance, especially with respect to Microsoft 365, NewEdge provides significant benefits:
Direct Peering with Microsoft: NewEdge establishes direct peering connections with Microsoft in every data center. This ensures optimal routing and performance for Microsoft 365 services, which is crucial for customers with a global, mobile workforce.
Unified Global Network: NewEdge delivers a single, unified network with all security services available in all locations worldwide. This ensures consistent security policies and performance regardless of where users are located, providing seamless access and reducing latency.
C, D
Explanation:
NewEdge is Netskope’s security private cloud, offering high-performance, low-latency access to the internet and cloud services.
For a customer concerned about performance, especially with respect to Microsoft 365, NewEdge provides significant benefits:
Direct Peering with Microsoft: NewEdge establishes direct peering connections with Microsoft in every data center. This ensures optimal routing and performance for Microsoft 365 services, which is crucial for customers with a global, mobile workforce.
Unified Global Network: NewEdge delivers a single, unified network with all security services available in all locations worldwide. This ensures consistent security policies and performance regardless of where users are located, providing seamless access and reducing latency.