Practice Free NSK101 Exam Online Questions
Question #31
Which three statements are correct about Netskope’s NewEdge Security Cloud Network Infrastructure? (Choose three.)
- A . It takes advantage of the public cloud by deploying security services on Google Cloud Platform.
- B . It includes direct peering with Microsoft and Google in every data center.
- C . It is a private security cloud network that is massively over provisioned, highly elastic, and built for scale.
- D . It delivers a single, unified network with no surcharges or reliance on public cloud infrastructure or virtual PoPs.
- E . It simplifies the administrator’s job by limiting access to pre-defined availability zones.
Correct Answer: BCD
BCD
Explanation:
Netskope’s NewEdge Security Cloud Network Infrastructure is a global network that powers the Netskope Security Cloud, providing real-time inline and out-of-band API-driven services for cloud and web security. Three statements that are correct about Netskope’s NewEdge Security Cloud Network Infrastructure are:
It includes direct peering with Microsoft and Google in every data center. This means that Netskope has established high-speed, low-latency connections with these major cloud service providers, ensuring optimal performance and user experience for their customers. Direct peering also reduces the risk of network congestion, packet loss, or routing issues that may affect the quality of service.
It is a private security cloud network that is massively over provisioned, highly elastic, and built for scale. This means that Netskope owns and operates its own network infrastructure, without relying on third-party providers or public cloud platforms. Netskope has invested over $150 million to build the world’s largest and fastest security private cloud, with data centers in more than 65 regions and growing. Netskope can dynamically scale its network capacity and resources to meet the growing demand and traffic volume of its customers, without compromising on security or performance.
It delivers a single, unified network with no surcharges or reliance on public cloud infrastructure or virtual PoPs. This means that Netskope provides a consistent and transparent network service to its customers, regardless of their location or device. Netskope does not charge any additional fees or hidden costs for accessing its network services, unlike some other providers that may impose surcharges based on geography or bandwidth usage. Netskope also does not use virtual points of presence (PoPs) that are hosted on public cloud platforms, which may introduce latency, complexity, or security risks.
Reference: Netskope NewEdgeNetskope NewEdge Data SheetNetskope SASE
BCD
Explanation:
Netskope’s NewEdge Security Cloud Network Infrastructure is a global network that powers the Netskope Security Cloud, providing real-time inline and out-of-band API-driven services for cloud and web security. Three statements that are correct about Netskope’s NewEdge Security Cloud Network Infrastructure are:
It includes direct peering with Microsoft and Google in every data center. This means that Netskope has established high-speed, low-latency connections with these major cloud service providers, ensuring optimal performance and user experience for their customers. Direct peering also reduces the risk of network congestion, packet loss, or routing issues that may affect the quality of service.
It is a private security cloud network that is massively over provisioned, highly elastic, and built for scale. This means that Netskope owns and operates its own network infrastructure, without relying on third-party providers or public cloud platforms. Netskope has invested over $150 million to build the world’s largest and fastest security private cloud, with data centers in more than 65 regions and growing. Netskope can dynamically scale its network capacity and resources to meet the growing demand and traffic volume of its customers, without compromising on security or performance.
It delivers a single, unified network with no surcharges or reliance on public cloud infrastructure or virtual PoPs. This means that Netskope provides a consistent and transparent network service to its customers, regardless of their location or device. Netskope does not charge any additional fees or hidden costs for accessing its network services, unlike some other providers that may impose surcharges based on geography or bandwidth usage. Netskope also does not use virtual points of presence (PoPs) that are hosted on public cloud platforms, which may introduce latency, complexity, or security risks.
Reference: Netskope NewEdgeNetskope NewEdge Data SheetNetskope SASE
Question #32
What correctly defines the Zero Trust security model?
- A . least privilege access
- B . multi-layered security
- C . strong authentication
- D . double encryption
Correct Answer: A
A
Explanation:
The term that correctly defines the Zero Trust security model is least privilege access. The Zero Trust security model is a modern security strategy based on the principle: never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. One of the core principles of the Zero Trust model is to use least privilege access, which means granting users or systems only the minimum level of access they need to perform their tasks, and only for a limited time. This helps reduce the attack surface and minimize the impact of a potential breach.
Reference: Zero Trust Security – microsoft.comWhat is Zero Trust Security? Principles of the Zero Trust Model
A
Explanation:
The term that correctly defines the Zero Trust security model is least privilege access. The Zero Trust security model is a modern security strategy based on the principle: never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. One of the core principles of the Zero Trust model is to use least privilege access, which means granting users or systems only the minimum level of access they need to perform their tasks, and only for a limited time. This helps reduce the attack surface and minimize the impact of a potential breach.
Reference: Zero Trust Security – microsoft.comWhat is Zero Trust Security? Principles of the Zero Trust Model
Question #33
Which two statements are correct about Netskope’s NewEdge Security Cloud Network Infrastructure? (Choose two.)
- A . It utilizes virtual POPs for traffic onboarding ensuring low latency.
- B . It includes direct peering with Microsoft and Google in every data center.
- C . It is a private security cloud network that is over-provisioned, elastic, and built for scale.
- D . It utilizes multiple public cloud providers for inline services ensuring high availability and elasticity.
Correct Answer: BC
BC
Explanation:
Netskope’s NewEdge Security Cloud Network Infrastructure is designed to provide high performance, security, and scalability for cloud traffic. The following statements are correct about this infrastructure:
It includes direct peering with Microsoft and Google in every data center:
Netskope has established direct peering relationships with major cloud service providers like Microsoft and Google. This direct peering ensures optimized and low-latency connections to these services, improving performance for end-users.
It is a private security cloud network that is over-provisioned, elastic, and built for scale:
The NewEdge network is a private security cloud network that is designed to be highly scalable and elastic. It is over-provisioned to handle large volumes of traffic and can scale up as needed to meet demand. This ensures high availability and performance for users accessing cloud services.
Reference: Netskope NewEdge Overview
Netskope Knowledge Portal: NewEdge Network
BC
Explanation:
Netskope’s NewEdge Security Cloud Network Infrastructure is designed to provide high performance, security, and scalability for cloud traffic. The following statements are correct about this infrastructure:
It includes direct peering with Microsoft and Google in every data center:
Netskope has established direct peering relationships with major cloud service providers like Microsoft and Google. This direct peering ensures optimized and low-latency connections to these services, improving performance for end-users.
It is a private security cloud network that is over-provisioned, elastic, and built for scale:
The NewEdge network is a private security cloud network that is designed to be highly scalable and elastic. It is over-provisioned to handle large volumes of traffic and can scale up as needed to meet demand. This ensures high availability and performance for users accessing cloud services.
Reference: Netskope NewEdge Overview
Netskope Knowledge Portal: NewEdge Network
Question #34
Which two capabilities are part of Netskope’s Adaptive Zero Trust Data Protection? (Choose two.)
- A . contextual risk awareness
- B . continuous adaptive policies
- C . continuous enforcement of all policies
- D . contextual metadata storage
Correct Answer: A, B
A, B
Explanation:
Adaptive Zero Trust Data Protection Overview:
Netskope’s Adaptive Zero Trust Data Protection ensures that data is protected based on continuous risk assessments and adaptive policies that respond to changing contexts and threats.
Contextual Risk Awareness:
This capability involves understanding the context around data access and usage to assess risk dynamically.
Netskope leverages various signals such as user behavior, device security posture, location, and other factors to gauge risk levels.
By continuously evaluating these factors, Netskope can enforce appropriate security measures in real-time.
Continuous Adaptive Policies:
Policies in the Netskope platform adapt continuously based on the assessed risk and changing contexts.
These policies are not static; they evolve based on ongoing risk assessments and threat intelligence. Adaptive policies ensure that security measures are always aligned with the current threat landscape and organizational requirements.
Reference: For detailed capabilities and how they are implemented, refer to the Netskope documentation on Adaptive Zero Trust Data Protection.
A, B
Explanation:
Adaptive Zero Trust Data Protection Overview:
Netskope’s Adaptive Zero Trust Data Protection ensures that data is protected based on continuous risk assessments and adaptive policies that respond to changing contexts and threats.
Contextual Risk Awareness:
This capability involves understanding the context around data access and usage to assess risk dynamically.
Netskope leverages various signals such as user behavior, device security posture, location, and other factors to gauge risk levels.
By continuously evaluating these factors, Netskope can enforce appropriate security measures in real-time.
Continuous Adaptive Policies:
Policies in the Netskope platform adapt continuously based on the assessed risk and changing contexts.
These policies are not static; they evolve based on ongoing risk assessments and threat intelligence. Adaptive policies ensure that security measures are always aligned with the current threat landscape and organizational requirements.
Reference: For detailed capabilities and how they are implemented, refer to the Netskope documentation on Adaptive Zero Trust Data Protection.
Question #35
Click the Exhibit button.
A user is connected to a SaaS application through Netskope’s Next Gen SWG with SSL inspection enabled.
In this scenario, what information is available in SkopeIT? (Choose three.)
- A . User activity, CCL
- B . Destination IP, OS patch version
- C . Account instance, category
- D . Username, source location
- E . File version, shared folder
Correct Answer: ACD
ACD
Explanation:
In the scenario where a user is connected to a SaaS application through Netskope’s Next Gen Secure Web Gateway (SWG) with SSL inspection enabled, the following information is available in SkopeIT:
User activity, CCL: SkopeIT provides detailed logs of user activities, including actions taken within SaaS applications, and uses the Cloud Confidence Level (CCL) to rate the trustworthiness of cloud applications.
Account instance, category: It logs information about the specific instance of the account being accessed and categorizes the type of service or application in use, which helps in identifying the context of the user’s activities.
Username, source location: The username of the user accessing the SaaS application and their source location (such as IP address or geographic location) are logged for audit and compliance purposes.
Reference: Netskope documentation on SSL inspection and SkopeIT logging.
Detailed configuration guides on using Next Gen SWG and the types of data collected by SkopeIT.
ACD
Explanation:
In the scenario where a user is connected to a SaaS application through Netskope’s Next Gen Secure Web Gateway (SWG) with SSL inspection enabled, the following information is available in SkopeIT:
User activity, CCL: SkopeIT provides detailed logs of user activities, including actions taken within SaaS applications, and uses the Cloud Confidence Level (CCL) to rate the trustworthiness of cloud applications.
Account instance, category: It logs information about the specific instance of the account being accessed and categorizes the type of service or application in use, which helps in identifying the context of the user’s activities.
Username, source location: The username of the user accessing the SaaS application and their source location (such as IP address or geographic location) are logged for audit and compliance purposes.
Reference: Netskope documentation on SSL inspection and SkopeIT logging.
Detailed configuration guides on using Next Gen SWG and the types of data collected by SkopeIT.
Question #36
Which statement is correct about Netskope’s Instance Awareness?
- A . It prevents users from browsing the Internet using outdated Microsoft Internet Explorer but allows them access if they use the latest version of Microsoft Edge.
- B . It identifies that a form hosted in Microsoft Forms belongs to the corporate Microsoft 365 tenant and not a tenant from a third party.
- C . It differentiates personal code from work-related code being uploaded to GitHub.
- D . It identifies if e-mails are being sent using Microsoft 365 through Outlook, Thunderbird, or the Web application in outlook.com.
Correct Answer: B
B
Explanation:
Instance Awareness in Netskope provides visibility and control over instances of applications used by the organization. Specifically, it helps in differentiating between corporate and personal instances of the same application. This feature is particularly crucial in ensuring that corporate data is not uploaded to personal instances of applications and vice versa.
For example, it can identify that a form hosted in Microsoft Forms belongs to the corporate Microsoft 365 tenant, thereby preventing data from being mistakenly or maliciously sent to a third-party tenant. This ensures that only authorized instances of applications are used for corporate data, maintaining data security and compliance.
Reference: Using the REST API v2 UCI Impact Endpoints – Netskope Knowledge Portal
REST API v2 Overview – Netskope Knowledge Portal
Using the REST API v2 dataexport Iterator Endpoints – Netskope Knowledge Portal
B
Explanation:
Instance Awareness in Netskope provides visibility and control over instances of applications used by the organization. Specifically, it helps in differentiating between corporate and personal instances of the same application. This feature is particularly crucial in ensuring that corporate data is not uploaded to personal instances of applications and vice versa.
For example, it can identify that a form hosted in Microsoft Forms belongs to the corporate Microsoft 365 tenant, thereby preventing data from being mistakenly or maliciously sent to a third-party tenant. This ensures that only authorized instances of applications are used for corporate data, maintaining data security and compliance.
Reference: Using the REST API v2 UCI Impact Endpoints – Netskope Knowledge Portal
REST API v2 Overview – Netskope Knowledge Portal
Using the REST API v2 dataexport Iterator Endpoints – Netskope Knowledge Portal
Question #37
You are required to present a view of all upload activities completed by users tunneled from the Los Angeles office to cloud storage applications.
Which two basic filters would you use on the SkopeIT Applications page to satisfy this requirement? (Choose two.)
- A . Activity
- B . Access Method
- C . Action
- D . CCL
Correct Answer: A, B
A, B
Explanation:
To present a view of all upload activities completed by users tunneled from the Los Angeles office to cloud storage applications, the following two basic filters should be used on the SkopeIT Applications page:
Activity: This filter will allow you to specify the type of activity, in this case, "upload."
Access Method: This filter will help to specify the method of access, which is necessary to filter activities that are tunneled.
These filters combined will provide a comprehensive view of the required activities. For further details, please refer to the Netskope documentation on setting up and using filters in SkopeIT Applications.
Reference: Netskope Knowledge Portal: REST API v2 Overview.
Postman Collection: API v2.
A, B
Explanation:
To present a view of all upload activities completed by users tunneled from the Los Angeles office to cloud storage applications, the following two basic filters should be used on the SkopeIT Applications page:
Activity: This filter will allow you to specify the type of activity, in this case, "upload."
Access Method: This filter will help to specify the method of access, which is necessary to filter activities that are tunneled.
These filters combined will provide a comprehensive view of the required activities. For further details, please refer to the Netskope documentation on setting up and using filters in SkopeIT Applications.
Reference: Netskope Knowledge Portal: REST API v2 Overview.
Postman Collection: API v2.
Question #38
You are working with a large retail chain and have concerns about their customer data. You want to protect customer credit card data so that it is never exposed in transit or at rest.
In this scenario, which regulatory compliance standard should be used to govern this data?
- A . SOC 3
- B . PCI-DSS
- C . AES-256
- D . ISO 27001
Correct Answer: B
B
Explanation:
PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices.
Reference: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].
B
Explanation:
PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices.
Reference: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].
Question #39
You want to block access to sites that use self-signed certificates.
Which statement is true in this scenario?
- A . Certificate-related settings apply globally to the entire customer tenant.
- B . Certificate-related settings apply to each individual steering configuration level.
- C . Certificate-related settings apply to each individual client configuration level.
- D . Self-signed certificates must be changed to a publicly trusted CA signed certificate.
Correct Answer: B
B
Explanation:
The statement that is true in this scenario is: Certificate-related settings apply to each individual steering configuration level. Certificate-related settings are the options that allow you to configure how Netskope handles SSL/TLS certificates for encrypted web traffic. For example, you can choose whether to allow or block self-signed certificates, expired certificates, revoked certificates, etc. You can also choose whether to enable SSL decryption for specific domains or categories. Certificate-related settings apply to each individual steering configuration level, which means that you can have different settings for different types of traffic or devices. For example, you can have one steering configuration for managed devices and another one for unmanaged devices, and apply different certificate-related settings for each one. This allows you to customize your security policies based on your needs and preferences.
Reference: Netskope SSL DecryptionNetskope Steering Configuration
B
Explanation:
The statement that is true in this scenario is: Certificate-related settings apply to each individual steering configuration level. Certificate-related settings are the options that allow you to configure how Netskope handles SSL/TLS certificates for encrypted web traffic. For example, you can choose whether to allow or block self-signed certificates, expired certificates, revoked certificates, etc. You can also choose whether to enable SSL decryption for specific domains or categories. Certificate-related settings apply to each individual steering configuration level, which means that you can have different settings for different types of traffic or devices. For example, you can have one steering configuration for managed devices and another one for unmanaged devices, and apply different certificate-related settings for each one. This allows you to customize your security policies based on your needs and preferences.
Reference: Netskope SSL DecryptionNetskope Steering Configuration
Question #40
You want to set up a Netskope API connection to Box.
What two actions must be completed to enable this connection? (Choose two.)
- A . Install the Box desktop sync client.
- B . Authorize the Netskope application in Box.
- C . Integrate Box with the corporate IdP.
- D . Configure Box in SaaS API Data protection.
Correct Answer: BD
BD
Explanation:
To set up a Netskope API connection to Box, two actions that must be completed are: authorize the Netskope application in Box and configure Box in SaaS API Data protection. Authorizing the Netskope application in Box allows Netskope to access the Box API and perform out-of-band inspection and enforcement of policies on the data that is already stored in Box. Configuring Box in SaaS API Data protection allows you to specify the Box instance details, such as domain name, admin email, etc., and enable features such as retroactive scan, event stream, etc.
Reference: Authorize Netskope Introspection App on Box Enterprise – Netskope Knowledge PortalConfigure Box Instance in Netskope UI – Netskope Knowledge Portal
BD
Explanation:
To set up a Netskope API connection to Box, two actions that must be completed are: authorize the Netskope application in Box and configure Box in SaaS API Data protection. Authorizing the Netskope application in Box allows Netskope to access the Box API and perform out-of-band inspection and enforcement of policies on the data that is already stored in Box. Configuring Box in SaaS API Data protection allows you to specify the Box instance details, such as domain name, admin email, etc., and enable features such as retroactive scan, event stream, etc.
Reference: Authorize Netskope Introspection App on Box Enterprise – Netskope Knowledge PortalConfigure Box Instance in Netskope UI – Netskope Knowledge Portal