[2024年02月29日] 問題集お試しセットNSK200テストエンジントレーニング問題集には62問あります
Netskope NSK200問題集で100%カバー率リアル試験問題
質問 # 24
Your organization has a homegrown cloud application. You are required to monitor the activities that users perform on this cloud application such as logins, views, and downloaded files. Unfortunately, it seems Netskope is unable to detect these activities by default.
How would you accomplish this goal?
- A. Create a new cloud application definition using the Chrome extension.
- B. Enable access to the application with Netskope Private Access.
- C. Ensure that the cloud application is added as a steering exception.
- D. Ensure that the application is added to the SSL decryption policy.
正解:A
解説:
Explanation
To monitor the activities that users perform on a homegrown cloud application, you need to create a new cloud application definition using the Chrome extension. The Chrome extension is a tool that allows you to record the traffic and activities of any web-based application and create a custom app definition that can be imported into your Netskope tenant1. This way, you can enable Netskope to detect and analyze the activities of your homegrown cloud application and apply policies accordingly. Therefore, option D is correct and the other options are incorrect. References: Creating a Cloud App Definition - Netskope Knowledge Portal
質問 # 25
An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.
Which feature would you use to satisfy this requirement?
- A. ML image classifier
- B. exact data match (EDM)
- C. document fingerprinting
- D. optical character recognition (OCR)
正解:A
解説:
Explanation
To block any screenshots from being uploaded, the engineering firm should use the ML image classifier feature of Netskope DLP. This feature uses machine learning to detect sensitive information within images, such as screenshots, whiteboards, passports, driver's licenses, etc. The firm can create a DLP policy that blocks any image upload that matches the screenshot classifier. This will prevent employees from circumventing the DLP controls by taking screenshots of sensitive documents. References: Improved DLP Image Classifiers, Netskope Data Loss Prevention, The Importance of a Machine Learning-Based Source Code Classifier
質問 # 26
A city uses many types of forms, including permit applications. These forms contain personal and financial information of citizens. Remote employees download these forms and work directly with the citizens to complete them. The city wants to be able to identify and monitor the specific forms and block the employees from downloading completed forms.
Which feature would you use to accomplish this task?
- A. exact data match (EDM)
- B. optical character recognition (OCR)
- C. document fingerprinting
- D. regular expressions (regex)
正解:C
解説:
Explanation
To identify and monitor the specific forms used by the city and block the employees from downloading completed forms, you need to use document fingerprinting. Document fingerprinting is a feature that allows you to create a unique signature for a document based on its content and structure. You can then use this signature to match other documents that are similar or identical to the original document3. You can create a document fingerprinting profile in Netskope by uploading a sample document or selecting one from your cloud services4. You can then use this profile in your data protection policies to apply actions such as block, alert, or quarantine to the documents that match the fingerprint5. Therefore, option C is correct and the other options are incorrect. References: Document Fingerprinting - Netskope Knowledge Portal, Create a Document Fingerprinting Profile - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal
質問 # 27
Your customer currently only allows users to access the corporate instance of OneDrive using SSO with the Netskope client. The users are not permitted to take their laptops when vacationing, but sometimes they must have access to documents on OneDrive when there is an urgent request. The customer wants to allow employees to remotely access OneDrive from unmanaged devices while enforcing DLP controls to prohibit downloading sensitive files to unmanaged devices.
Which steering method would satisfy the requirements for this scenario?
- A. Use a reverse proxy integrated with their SSO.
- B. Use proxy chaining with their cloud service providers integrated with their SSO.
- C. Use a forward proxy integrated with their SSO.
- D. Use a secure forwarder integrated with an on-premises proxy.
正解:A
解説:
Explanation
A reverse proxy integrated with their SSO would satisfy the requirements for this scenario. A reverse proxy intercepts requests from users to cloud apps and applies policies based on user identity, device posture, app, and data context. It can enforce DLP controls to prohibit downloading sensitive files to unmanaged devices. It can also integrate with the customer's SSO provider to authenticate users and allow access only to the corporate instance of OneDrive.The other steering methods are not suitable for this scenario because they either require the Netskope client or do not provide granular control over cloud app activities.
質問 # 28
Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.
In this scenario, which two deployment options would you use? (Choose two.)
- A. Deploy the Netskope client using IdP.
- B. Deploy the Netskope client using an email Invitation.
- C. Deploy the Netskope client with SCCM.
- D. Deploy the Netskope client with Microsoft GPO.
正解:C、D
解説:
Explanation
To deploy the Netskope client to all company users on Windows laptops without user intervention, you can use either SCCM or GPO. These are two methods of packaging the application and pushing it silently to the user's device using Microsoft tools4. These methods donot require the user to have local admin privileges or to initiate the installation themselves. They also allow enforcing the use of the client through company policy. The Netskope client can authenticate the user using Azure ADFS as the identity provider, as long as the UPN of the logged in user matches the directory5
質問 # 29
Review the exhibit.
You are asked to create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive.
What must be used to accomplish this task?
- A. document fingerprinting
- B. INTL-PAN-Name rule
- C. optical character recognition
- D. ML image classifier
正解:C
解説:
Explanation
To create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive, you need to use optical character recognition (OCR). OCR is a feature that allows you to detect and extract text from images and scanned documents. You can use OCR in your DLP profiles to identify sensitive data that is embedded or hidden in images1. In the exhibit, we can see that the data is a credit card number, which is a type of sensitive data that can be easily identified by OCR. You can create a DLP profile that uses OCR and matches the credit card number data identifier or a custom regex expression. You can then apply an action such as block, alert, or quarantine to prevent the data from being uploaded to Google Drive2. Therefore, option C is correct and the other options are incorrect. References: Optical Character Recognition (OCR) - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal
質問 # 30
Review the exhibit.
You receive a service request from a user who indicates that theirNetskope client is in a disabled state. The exhibit shows an excerpt (rom the affected client nsdebuglog.log.
What is the problem in this scenario?
- A. Custom installation parameters are incorrectly specified
- B. User authentication failed during IdP-based enrollment.
- C. The user's account has not been provisioned into Netskope.
- D. The Netskope client connection is being decrypted.
正解:D
解説:
Explanation
The problem in this scenario is that the Netskope client connection is being decrypted by a network security device. This is evident from the log message "ERROR SSL certificate verification failed: self signed certificate in certificate chain". This means that the Netskope client is receiving a certificate that is not issued by Netskope, but by a device that is intercepting and decrypting the traffic between the client and the Netskope cloud. This can cause the client to fail to download the required configuration and remain in a disabled state1.
Therefore, option B is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Using Netskope Client - Netskope Knowledge Portal
質問 # 31
Your customer has some managed Windows-based endpoints where they cannot add any clients or agents. For their users to have secure access to their SaaS application, you suggest that the customer use Netskope's Explicit Proxy.
Which two configurations are supported for this use case? (Choose two.)
- A. Endpoints can be configured to directly use the Netskope proxy.
- B. Endpoints must be configured in the device section of the tenant to interoperate with all proxies.
- C. Endpoints can be configured to use a Proxy Auto Configuration (PAC) file.
- D. Endpoints must have separate steering configurations in the tenant settings.
正解:A、C
解説:
Explanation
For the use case of managed Windows-based endpoints where no clients or agents can be added, you can suggest that the customer use Netskope's Explicit Proxy. Explicit Proxy is a method for steering traffic from any device to the Netskope Cloud using a proxy server. There are two supported configurations for this use case: Endpoints can be configured to directly use the Netskope proxy by setting the proxy settings in the browser or the operating system to point to the explicit proxy destination provided by Netskope. Endpoints can be configured to use a Proxy Auto Configuration (PAC) file by downloading a PAC file template from Netskope and modifying it according to the customer's needs. The PAC file can be hosted on-premises or on the cloud and distributed to the endpoints. The other options are not valid for this use case. Endpoints do not need separate steering configurations in the tenant settings, as they can use the same explicit proxy destination and port. Endpoints do not need to be configured in the device section of the tenant to interoperate with all proxies, as this is only required for reverse proxy mode. References: Explicit Proxy3, [Explicit Proxy over IPSec and GRE Tunnels]
質問 # 32
You are integrating Netskope tenant administration with an external identity provider. You need to implement role-based access control. Which two statements are true about this scenario? (Choose two.)
- A. Once integrated withIdP. you must append the "locallogin" URL to log in using IdP
- B. You do not need to define the administrators locally in the Netskope tenant after It Is integrated with IdP.
- C. You need to define the administrators locally in the Netskope tenant.
- D. The roles you want to assign must be present in the Netskope tenant.
正解:C、D
解説:
Explanation
To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user's role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local useraccount3. Therefore, options A and C are correct and the other options are incorrect. References: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal
質問 # 33
You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.
Which two statements are true in this scenario? (Choose two.)
- A. You do not need to create an "allow all" Web Access policy at the bottom.
- B. You must place DLP policies at the bottom.
- C. You must place high-risk block policies at the top.
- D. You must place Netskope private access malware policies in the middle.
正解:A、C
解説:
Explanation
To determine proper policy ordering for Netskope Real-time Protection policies, you need to follow these two statements: B. You do not need to create an "allow all" Web Access policy at the bottom. D. You must place high-risk block policies at the top. These statements are based on the best practices for policy ordering recommended by Netskope3. An "allow all" Web Access policy at the bottom is not necessary because any traffic that does not match any policy will be allowed by default. However, you can create a "monitor all" Web Access policy at the bottom if you want to log all the traffic that is not matched by any other policy4.
High-risk block policies atthe top are important because they prevent any traffic that poses a serious threat or violates a critical compliance standard from reaching its destination. These policies should have higher priority than other policies that may allow or modify the traffic5. Therefore, options B and D are correct and the other options are incorrect. References: Real-time Protection Policies - Netskope Knowledge Portal, Create a Real-time Protection Policy for Web Categories - Netskope Knowledge Portal, Best Practices: Real-time Protection Policies (1 of 2) - Netskope
質問 # 34
You have deployed Netskope Secure Web Gateway (SWG). Users are accessing new URLs that need to be allowed on a daily basis. As an SWG administrator, you are spending a lot of time updating Web policies. You want to automate this process without having to log into the Netskope tenant Which solution would accomplish this task?
- A. You can use Cloud Risk Exchange.
- B. You can use REST API to update the URL list.
- C. You can use Cloud Log Shipper.
- D. You can minimize your work by sharing URLs with Netskope support.
正解:B
解説:
Explanation
To automate the process of updating Web policies without having to log into the Netskope tenant, you can use REST API to update the URL list. REST API is a feature that allows you to use an auth token to make authorized calls to the Netskope API and access resources via URI paths1. You can use REST API to update a URL list with new values by providing the name of an existing URL list and a comma-separated list of URLs or IP addresses2. This can help you automate or script the management of your URL lists and keep them up-to-date. Therefore, option D is correct and the other options are incorrect. References: REST API v2 Overview - Netskope Knowledge Portal, Update a URL List - Netskope Knowledge Portal
質問 # 35
The director of IT asks for confirmation If your organization's Web traffic would be blocked when the Netskope client fails. In this situation, what would confirm the fail close status?
- A. Perform a right-click on the Netskope client icon using your mouse.
- B. Review user settings.
- C. View Application events.
- D. Review the nsdebuglog.log.
正解:D
解説:
Explanation
The method that would confirm the fail close status is B. Review the nsdebuglog.log. The nsdebuglog.log is a log file that contains information about the Netskope client's status, configuration, events, errors, etc. You can review the nsdebuglog.log file to confirm the fail close status by looking for a line that says
"failCloseStatus":"1". This indicates that the fail close option is enabled for the Netskope client4. The fail close option is a feature that allows you to block all web traffic when the Netskope client fails or loses connection to the Netskope cloud5. Therefore, option B is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Client Configuration - Netskope Knowledge Portal
質問 # 36
You want to allow both the user identities and groups to be imported in the Netskope platform. Which two methods would satisfy this requirement? (Choose two.)
- A. Use System for Cross-domain Identity Management (SCIM).
- B. Use Directory Importer.
- C. Use Manual Entries.
- D. Use Bulk Upload with a CSV file.
正解:A、D
解説:
Explanation
To allow both the user identities and groups to be imported in the Netskope platform, you can use either the System for Cross-domain Identity Management (SCIM) method or the Bulk Upload with a CSV file method.
Both of these methods allow for the import of user identities and groups from different identity providers (IdPs) that support SCIM or CSV formats. The SCIM method is recommended for large-scale deployments, as it automates the exchange of user identity information across apps for user provisioning. The CSV method is recommended for small-scale deployments, as it allows for manual upload of user details in a comma-separated values file. The other methods are not suitable for this requirement. The Manual Entries method does not allow for the import of groups, only user emails. The Directory Importer method does not import users and groups directly into the Netskope platform, but rather connects to an Active Directory or LDAP server and periodically fetches user and group information.
References: Provisioning Users for Netskope Client2, SCIM Integration3, Bulk Upload via CSV file
質問 # 37
You are implementing tenant access security and governance controls for privileged users. You want to start with controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration.
Which three access controls would you use in this scenario? (Choose three.)
- A. IP allowlisting to control access based upon source IP addresses.
- B. History-based access control based on past security actions.
- C. Login attempts to set the number of failed attempts before the admin user is locked out of the Ul.
- D. Applying predefined or custom roles to limit the admin's access to only those functions required for their job.
- E. Multi-factor authentication to verify a user's authenticity.
正解:A、C、D
解説:
Explanation
To implement tenant access security and governance controls for privileged users, you can use the following access controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration:
IP allowlisting to control access based upon source IP addresses. This allows you to specify the IP addresses that are allowed to access your Netskope tenant2. This can prevent unauthorized access from unknown or malicious sources.
Login attempts to set the number of failed attempts before the admin user is locked out of the UI. This allows you to configure how many times an admin can enter an incorrect password before being locked out for a specified period of time3. This can prevent brute-force attacks or password guessing attempts.
Applying predefined or custom roles to limit the admin's access to only those functions required for their job. This allows you to assign different levels of permissions and access rights to different admins based on their roles and responsibilities4. This can enforce the principle of least privilege and reduce the risk of misuse or abuse of admin privileges. Therefore, options A, B, and C are correct and the other options are incorrect. References: Secure Tenant Configuration and Hardening - Netskope Knowledge Portal, Admin Settings - Netskope Knowledge Portal, Create Roles - Netskope Knowledge Portal
質問 # 38
Netskope is being used as a secure Web gateway. Your organization's URL list changes frequently. In this scenario, what makes It possible for a mass update of the URL list in the Netskope platform?
- A. SCIM provisioning
- B. REST API v2
- C. Assertion Consumer Service URL
- D. Cloud Threat Exchange
正解:B
解説:
Explanation
The method that makes it possible for a mass update of the URL list in the Netskope platform is A. REST API v2. REST API v2 is a feature that allows you to use an auth token to make authorized calls to the Netskope API and access resources via URI paths5. You can use REST API v2 to update a URL list with new values by providing the name of an existing URL list and a comma-separated list of URLs or IP addresses6. This can help you automate or script the management of your URL lists and keep them up-to-date. Therefore, option A is correct and the other options are incorrect. References: REST API v2 Overview - Netskope Knowledge Portal, Update a URL List - Netskope Knowledge Portal
質問 # 39
Recently your company implemented Zoom for collaboration purposes and you are attempting to inspect the traffic with Netskope. Your initial attempt reveals that you are not seeing traffic from the Zoom client that is used by all users. You must ensure that this traffic is visible to Netskope.
In this scenario, which two steps must be completed to satisfy this requirement? (Choose two.)
- A. Remove the default steering exception for the Web Conferencing Category.
- B. Create a steering exception for Zoom to ensure traffic is reaching Netskope.
- C. Create a Do Not Decrypt SSL policy for the Zoom application suite.
- D. Remove the Zoom certificate-pinned application from the default steering configuration.
正解:A、D
解説:
Explanation
To ensure that the traffic from the Zoom client is visible to Netskope, you need to remove the Zoom certificate-pinned application from the default steering configuration and remove the default steering exception for the Web Conferencing Category. A certificate-pinned application is an application that validates the server certificates against the hardcoded ones in the application. This is a security technique used to prevent man-in-the-middle attacks and secure access to the application. By default, Netskope bypasses the traffic from certificate-pinned applications and does not decrypt or inspect it3. Zoom is one of the predefined certificate-pinned applications that Netskope supports4. To enable Netskope to inspect the traffic from Zoom, you need to remove it from the steering configuration that applies to your users5. Additionally, you need to remove the default steering exception for the Web Conferencing Category, which includes Zoom and other similar applications. A steering exception is a rule that specifies the traffic that you want to bypass Netskope and go directly to the destination6. By removing this exception, you allow Netskope to steer and analyze the traffic from web conferencing applications. Therefore, options C and D are correct and the other options are incorrect. References: Certificate Pinned Applications - Netskope Knowledge Portal, Certificate Pinned App (CPA) - The Netskope Community, Steering Configuration - Netskope Knowledge Portal, Steering Exceptions
- Netskope Knowledge Portal
質問 # 40
......
実際にあるNSK200問題集PDFで100%合格率保証付きます:https://jp.fast2test.com/NSK200-premium-file.html