2024年08月実際に出るNSK200試験問題集には正確で更新された問題
NSK200試験問題集でPDF問題とテストエンジン
質問 # 28
The director of IT asks for confirmation If your organization's Web traffic would be blocked when the Netskope client fails. In this situation, what would confirm the fail close status?
- A. Review the nsdebuglog.log.
- B. View Application events.
- C. Review user settings.
- D. Perform a right-click on the Netskope client icon using your mouse.
正解:A
解説:
Explanation
The method that would confirm the fail close status is B. Review the nsdebuglog.log. The nsdebuglog.log is a log file that contains information about the Netskope client's status, configuration, events, errors, etc. You can review the nsdebuglog.log file to confirm the fail close status by looking for a line that says
"failCloseStatus":"1". This indicates that the fail close option is enabled for the Netskope client4. The fail close option is a feature that allows you to block all web traffic when the Netskope client fails or loses connection to the Netskope cloud5. Therefore, option B is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Client Configuration - Netskope Knowledge Portal
質問 # 29
You are given an MD5 hash of a file suspected to be malware by your security incident response team. They ask you to offer insight into who has encountered this file and from where was the threat initiated. In which two Skope IT events tables would you search to find the answers to these questions? (Choose two.)
- A. Page Events
- B. Alerts
- C. Network Events
- D. Application Events
正解:B、D
解説:
Explanation
To find the answers to the questions posed by the security incident response team, you need to search in the Application Events and Alerts tables in Skope IT. The Application Events table shows the details of the cloud application activities performed by the users, such as upload, download, share, etc. You can filter the Application Events table by the MD5 hash of the file tofind out who has encountered this file and from which cloud service it was downloaded1. The Alerts table shows the details of the policy violations triggered by the users, such as DLP, threat protection, anomaly detection, etc. You can filter the Alerts table by the MD5 hash of the file to find out if this file was detected as malware by Netskope and what action was taken2. Therefore, options A and C are correct and the other options are incorrect. References: Application Events - Netskope Knowledge Portal, Alerts - Netskope Knowledge Portal
質問 # 30
What is the purpose of the filehash list in Netskope?
- A. It configures blocklist and allowlist entries referenced in the custom Malware Detection profiles.
- B. It providesClient Threat Exploit Prevention (CTEP).
- C. It is used to allow and block URLs.
- D. It provides the file types that Netskope can inspect.
正解:A
解説:
Explanation
The purpose of the file hash list in Netskope is to configure blocklist and allowlist entries referenced in the custom Malware Detection profiles. A file hash list is a collection of MD5 or SHA-256 hashes that represent files that you want to allow or block in your organization. You can create a file hash list when adding a file profile and use it as an allowlist or blocklist for files in your organization1. You can then select the file hash list when creating a Malware Detection profile2.
質問 # 31
Your customer is concerned aboutmalware in their AWS S3 buckets. What two actions would help with this scenario? (Choose two.)
- A. Create a threatprofile to quarantine malware in their AWS S3 buckets.
- B. Enable Threat Protection (Malware Scan) for all of their AWS instances to Identify malware.
- C. Create a real-time policy to block malware uploads to their AWS instances.
- D. Create an API protection policy to quarantine malware in their AWS S3 buckets.
正解:B、D
解説:
Explanation
To help the customer with the scenario of malware in their AWS S3 buckets, two actions that would help are B: Enable Threat Protection (Malware Scan) for all of their AWS instances to identify malware and C. Create an API protection policy to quarantine malware in their AWS S3 buckets. Threat Protection (Malware Scan) is a feature that allows you to scan files in your cloud services, such as AWS S3, for malware using Netskope's advanced threat protection engine. You can enable Threat Protection (Malware Scan) for all of your AWS instances in the Netskope tenant by going to Settings > Cloud Services > AWS > Threat Protection and selecting the Enable Malware Scan option1. This will help you identify malware in your AWS S3 buckets and generate alerts for further action. An API protection policy is a rule that specifies the actions and notifications that Netskope applies to the data that is already resident in your cloud services, such as AWS S3, based on various criteria. You can create an API protection policy to quarantine malware in your AWS S3 buckets by going to Policies > API Protection > New Policy and selecting the AWS service, the Malware Scan data identifier, and the Quarantine action in the policy page2. This will help you isolate malware in your AWS S3 buckets and prevent it from spreading or being accessed by unauthorized users. Therefore, options B and C are correct andthe other options are incorrect. References: Threat Protection (Malware Scan) - Netskope Knowledge Portal, Add a Policy for API Protection - Netskope Knowledge Portal
質問 # 32
Review the exhibit.
You are asked to create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive.
What must be used to accomplish this task?
- A. ML image classifier
- B. optical character recognition
- C. document fingerprinting
- D. INTL-PAN-Name rule
正解:B
解説:
Explanation
To create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive, you need to use optical character recognition (OCR). OCR is a feature that allows you to detect and extract text from images and scanned documents. You can use OCR in your DLP profiles to identify sensitive data that is embedded or hidden in images1. In the exhibit, we can see that the data is a credit card number, which is a type of sensitive data that can be easily identified by OCR. You can create a DLP profile that uses OCR and matches the credit card number data identifier or a custom regex expression. You can then apply an action such as block, alert, or quarantine to prevent the data from being uploaded to Google Drive2. Therefore, option C is correct and the other options are incorrect. References: Optical Character Recognition (OCR) - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal
質問 # 33
You are provisioning Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant. In this scenario, which two Netskope components should you verify first In Okta for accuracy?
(Choose two.)
- A. OAuth token
- B. SCIM server URL
- C. IdP Entity ID
- D. Netskope SAML certificate
正解:A、B
解説:
Explanation
To provision Netskope users from Okta with SCIM Provisioning, and users are not showing up in the tenant, the two Netskope components that you should verify first in Okta for accuracy are B. OAuth token and D.
SCIM server URL. The OAuth token is a credential that allows Okta to authenticate with the Netskope SCIM server and perform user provisioning operations4. The SCIM server URL is the endpoint that Okta uses to communicate with the Netskope SCIM server and send user data5. Both of these components must be configured correctly in Okta for the SCIM Provisioning to work. You can find them in the Netskope UI under Settings > Tools > Directory Tools > SCIM Integration6. Therefore, options B and D are correct and the other options are incorrect. References: SCIM-Based User Provisioning - Netskope Knowledge Portal, Netskope + Okta Use Case: Provisioning Users and Managing Groups Using SCIM - Netskope, Netskope Partner Okta - Netskope
質問 # 34
You are using the Netskope DLP solution. You notice flies containing test data for credit cards are not triggering DLP events when uploaded to Dropbox. There are corresponding page events. Which two scenarios would cause this behavior? (Choose two.)
- A. There is no API protection configured for Dropbox.
- B. The credit card numbers in your test data are Invalid 16-dlglt numbers.
- C. The Netskope client Is not steering Dropbox traffic.
- D. The DLP rule has the severity threshold set to a value higher than the number of occurrences.
正解:B、D
解説:
Explanation
There are two possible scenarios that would cause the behavior of files containing test data for credit cards not triggering DLP events when uploaded to Dropbox. One scenario is that the DLP rule has the severity threshold set to a value higher than the number of occurrences. This means that the rule will only trigger an event if the number of matches for the sensitive data exceeds the specified threshold. For example, if the rule has a severity threshold of 10 and the file contains only 5 credit card numbers, then no event will be generated. To fix this, you can lower the severity threshold or remove it altogether. The other scenario is that the credit card numbers in your test data are invalid 16-digit numbers. This means that the numbers do not pass the Luhn algorithm check, which is a validation method used by Netskope DLP to detectvalid credit card numbers. For example, if the number is 1234-5678-9012-3456, then it is not a valid credit card number and will not be detected by Netskope DLP. To fix this, you can use valid test credit card numbers that pass the Luhn algorithm check. The other options are not valid scenarios for this behavior. The Netskope client is not steering Dropbox traffic is not a valid scenario because there are corresponding page events, which means that the traffic is being steered to Netskope. There is no API protection configured for Dropbox is not a valid scenario because API protection is not required for DLP detection on file uploads, which are handled by real-time protection. References: DLP Rule Settings1, Credit Card Number Detection2
質問 # 35
Your customer implements Netskope Secure Web Gateway to secure all Web traffic. While they have created policies to block certain categories, there are many new sites available dally that are not yet categorized. The customer's users need quick access and cannot wait to put in a request to gain access requiring a policy change or have the site's category changed.
To solve this problem, which Netskope feature would provide quick, safe access to these types of sites?
- A. Netskope SaaS Security Posture Management (SSPM)
- B. Netskope Continuous Security Assessment (CSA)
- C. Netskope Remote Browser Isolation (RBI)
- D. Netskope Cloud Firewall (CFW)
正解:C
解説:
Explanation
To solve the problem of providing quick, safe access to uncategorized and risky websites, the Netskope feature that the customer should use is Netskope Remote Browser Isolation (RBI). Netskope RBI is a part of the Netskope Secure Web Gateway offering that intercepts a user's browsing session to a website, acting as a proxy that fetches the content for that user and renders the content in an isolated browsing instance. The rendered content is delivered to the user's browser as a safe stream of pixels. This safely silos the end user's device and the enterprise network and systems, separating it from their browsing activity and restricting the ability of an attacker to establish control and / or breach other systems and exfiltrate data1. Netskope RBI can be easily invoked with an 'isolate' policy action within the Netskope Security Cloud for any website category or domain2. Therefore, option B is correct and the other options are incorrect. References: Remote Browser Isolation - Netskope Knowledge Portal, Netskope Remote Browser Isolation - Netskope
質問 # 36
You want to allow both the user identities and groups to be imported in the Netskope platform. Which two methods would satisfy this requirement? (Choose two.)
- A. Use Manual Entries.
- B. Use Directory Importer.
- C. Use Bulk Upload with a CSV file.
- D. Use System for Cross-domain Identity Management (SCIM).
正解:C、D
解説:
Explanation
To allow both the user identities and groups to be imported in the Netskope platform, you can use either the System for Cross-domain Identity Management (SCIM) method or the Bulk Upload with a CSV file method.
Both of these methods allow for the import of user identities and groups from different identity providers (IdPs) that support SCIM or CSV formats. The SCIM method is recommended for large-scale deployments, as it automates the exchange of user identity information across apps for user provisioning. The CSV method is recommended for small-scale deployments, as it allows for manual upload of user details in a comma-separated values file. The other methods are not suitable for this requirement. The Manual Entries method does not allow for the import of groups, only user emails. The Directory Importer method does not import users and groups directly into the Netskope platform, but rather connects to an Active Directory or LDAP server and periodically fetches user and group information.
References: Provisioning Users for Netskope Client2, SCIM Integration3, Bulk Upload via CSV file
質問 # 37
Your company needs to keep quarantined files that have been triggered by a DLP policy. In this scenario, which statement Is true?
- A. The files are stored In the Cloud provider assigned In the Quarantine profile.
- B. The files are stored In the Netskope data center assigned in the Quarantine profile.
- C. The files are stofed remotely In your data center assigned In the Quarantine profile.
- D. The files are stored on the administrator console PC assigned In the Quarantine profile.
正解:B
解説:
Explanation
When a policy flags a file to be quarantined, that file is placed in a quarantine folder and a tombstone file is put in the original location in its place. The quarantine folder is located in the Netskope data center assigned in the Quarantine profile. The Quarantine profile is configured in Settings > Threat Protection > API-enabled Protection. The quarantined file is zipped and protected with a password to prevent users from inadvertently downloading the file. Netskope then notifies the admin specified in the profile1. Therefore, option B is correct and the other options are incorrect. References: Quarantine - Netskope Knowledge Portal, Threat Protection - Netskope Knowledge Portal
質問 # 38
Your company has many users thatare remote and travel often. You want to provide the greatest visibility into their activities, even while traveling. Using Netskope. which deployment method would be used in this scenario?
- A. Use an IPsec tunnel.
- B. Use a GRE tunnel.
- C. Use a Netskope client.
- D. Use proxy chaining.
正解:C
解説:
Explanation
The best deployment method for remote and traveling users is to use a Netskope client. The Netskope client is a lightweight software agent that runs on the user's device and steers web and cloud traffic to the Netskope cloud for real-time inspection and policy enforcement1. The Netskope client provides an always-on end user remote access experience and avoids backhauling (or hairpinning) remote users through the corporate network to access applications in public cloud environments2. The Netskope client also supports offline mode, which allows users to work offline and sync their policies when they reconnect to the internet
質問 # 39
To which three event types does Netskope's REST API v2 provide access? (Choose three.)
- A. application
- B. alert
- C. client
- D. user
- E. infrastructure
正解:A、B、E
解説:
Explanation
Netskope's REST API v2 provides access to various event types via URI paths. The event types include application, alert, infrastructure, audit, incident, network, and page. These event types can be used to retrieve data from Netskope's cloud security platform. The event types client and user are not supported by the REST API v2. References: REST API v2 Overview, Cribl Netskope Events and Alerts Integration, REST API Events and Alerts Response Descriptions
質問 # 40
Review the exhibit.
While diagnosing an NPA connectivity issue, you notice an error message in the Netskope client logs.
Referring to the exhibit, what does this error represent?
- A. The primary publisher is unavailable or cannot be reached.
- B. There Is an EDNS or LDNS resolution error.
- C. There Is an upstream device trying to intercept the NPA TLS connection.
- D. The Netskope client has been load-balanced to a different data center.
正解:C
解説:
Explanation
The error message in the exhibit represents that there is an upstream device trying to intercept the NPA TLS connection. The error message is "ERROR SSL certificate verification failed: self signed certificate in certificate chain". This means that the Netskope client is receiving a certificate that is not issued by Netskope, but by a device that is intercepting and decrypting the traffic between the client and the Netskope cloud. This can cause the client to fail to establish a secure connection to the NPA service and access the private applications4. To solve this problem, you need to either bypass or trust the upstream device that is performing SSL decryption, such as a firewall or proxy5. Therefore, option D is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Netskope Client Troubleshooting Guide - The Netskope Community
質問 # 41
You notice that your Netskope client icon has a red dot and see "Disabled due to error" when hovering the mouse over the icon. What are two reasons for this message? (Choose two.)
- A. The steering exceptions are incorrect.
- B. The client service is manually stopped.
- C. The client traffic is directed over iPsec.
- D. The client health check has failed.
正解:B、D
解説:
Explanation
Two reasons for the message "Disabled due to error" when hovering the mouse over the Netskope client icon are A. The client service is manually stopped and C. The client health check has failed. The client service is a background process that runs the Netskope client on the user's device and communicates with the Netskope cloud. If the client service is manually stopped by the user or by another program, the Netskope client will be disabled and show a red dot on the icon1. The client health check is a feature that monitors the status of the Netskope client and performs self-repair actions if any issues are detected. If the client health check has failed, it means that the Netskope client has encountered a critical error that cannot be fixed automatically, such as corrupted files or registry entries. In this case, the Netskope client will be disabled and show a red dot on the icon2. Therefore, options A and C are correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Client Health Check - Netskope Knowledge Portal
質問 # 42
You want to secure Microsoft Exchange and Gmail SMTP traffic for DLP using Netskope. Which statement is true about this scenario when using the Netskope client?
- A. Netskope can inspect outbound SMTP trafficfor Microsoft Exchange and Gmail.
- B. Enable Cloud Firewall to Inspect Inbound SMTP traffic for Microsoft Exchange and Gmail.
- C. Netskope can inspect inbound and outbound SMTP traffic for Microsoft Exchange and Gmail.
- D. Enable REST API v2 to Inspect inbound SMTP traffic for Microsoft Exchange and Gmail.
正解:A
解説:
Explanation
Netskope can inspect outbound SMTP traffic for Microsoft Exchange and Gmail using the Netskope client.
The Netskope client intercepts the SMTP traffic from the user's device and forwards it to the Netskope cloud for DLP scanning. The Netskope client does not inspect inbound SMTP traffic, as this is handled by the cloud email service or the MTA. Therefore, option A is correct and the other options are incorrect. References: Configure Netskope SMTP Proxy with Microsoft O365 Exchange, Configure Netskope SMTP Proxy with Gmail, SMTP DLP, Best Practices for Email Security with SMTP proxy
質問 # 43
You are using the Netskope DLP solution. You notice that valid credit card numbers in a file that you just uploaded to an unsanctioned cloud storage solution are not triggering a policy violation. You can see the Skope IT application events for this traffic but no DLP alerts.
Which statement is correct in this scenario?
- A. Netskope client is enabled, but API protection for the SaaS application is not configured.
- B. Credit card numbers are entered with a space or dash separator and not as a 16-digit consecutive number.
- C. You have set the severity threshold to a higher value.
- D. Netskope client is not enabled.
正解:B
解説:
Explanation
The statement that is correct in this scenario is D. Credit card numbers are entered with a space or dash separator and not as a 16-digit consecutive number. This is one of the possible reasons why valid credit card numbers in a file are not triggering a policy violation by Netskope DLP. Netskope DLP uses data identifiers to detect sensitive data in files and network traffic. Data identifiers are predefined or custom rules that match data patterns based on regular expressions, checksums, keywords, etc1. The credit card number data identifier matches 16-digit consecutive numbers that pass the Luhn algorithm check2. If the credit card numbers are entered with a space or dash separator, such as 1234-5678-9012-3456 or 1234 5678 9012 3456, they will not match the data identifier and will not trigger a policy violation. To solve this problem, you can either remove the separators from the credit card numbers or create a custom data identifier that matches the credit card numbers with separators3. Therefore, option D is correct and the other options are incorrect. References: Data Identifiers - Netskope Knowledge Portal, Credit Card Number - Netskope Knowledge Portal, Create a Custom Data Identifier - Netskope Knowledge Portal
質問 # 44
Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?
- A. SSL decryption policies
- B. Real-time Protection policies
- C. client configuration
- D. steering configuration
正解:C
解説:
Explanation
DTLS (Datagram Transport Layer Security) is a protocol that provides secure communication over UDP. It is an option that can be enabled in the client configuration settings in the Netskope tenant. Enabling DTLS can improve the performance of the Netskope client, especially in high latency or packet loss scenarios. DTLS is not related to Real-time Protection policies, SSL decryption policies, or steering configuration, which are different configuration elements in the Netskope tenant. References: Client Configuration Settings 3, Netskope Client Performance 4
質問 # 45
You are implementing tenant access security and governance controls for privileged users. You want to start with controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration.
Which three access controls would you use in this scenario? (Choose three.)
- A. History-based access control based on past security actions.
- B. Applying predefined or custom roles to limit the admin's access to only those functions required for their job.
- C. Login attempts to set the number of failed attempts before the admin user is locked out of the Ul.
- D. IP allowlisting to control access based upon source IP addresses.
- E. Multi-factor authentication to verify a user's authenticity.
正解:B、C、D
解説:
Explanation
To implement tenant access security and governance controls for privileged users, you can use the following access controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration:
IP allowlisting to control access based upon source IP addresses. This allows you to specify the IP addresses that are allowed to access your Netskope tenant2. This can prevent unauthorized access from unknown or malicious sources.
Login attempts to set the number of failed attempts before the admin user is locked out of the UI. This allows you to configure how many times an admin can enter an incorrect password before being locked out for a specified period of time3. This can prevent brute-force attacks or password guessing attempts.
Applying predefined or custom roles to limit the admin's access to only those functions required for their job. This allows you to assign different levels of permissions and access rights to different admins based on their roles and responsibilities4. This can enforce the principle of least privilege and reduce the risk of misuse or abuse of admin privileges. Therefore, options A, B, and C are correct and the other options are incorrect. References: Secure Tenant Configuration and Hardening - Netskope Knowledge Portal, Admin Settings - Netskope Knowledge Portal, Create Roles - Netskope Knowledge Portal
質問 # 46
You are integrating Netskope tenant administration with an external identity provider. You need to implement role-based access control. Which two statements are true about this scenario? (Choose two.)
- A. You need to define the administrators locally in the Netskope tenant.
- B. The roles you want to assign must be present in the Netskope tenant.
- C. Once integrated withIdP. you must append the "locallogin" URL to log in using IdP
- D. You do not need to define the administrators locally in the Netskope tenant after It Is integrated with IdP.
正解:A、B
解説:
Explanation
To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user's role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local useraccount3. Therefore, options A and C are correct and the other options are incorrect. References: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal
質問 # 47
Your customer is migrating all of their applications over to Microsoft 365 and Azure. They have good practices and policies in place (or their inline traffic, but they want to continuously detect reconfigurations and enforce compliance standards.
Which two solutions would satisfytheir requirements? (Choose two.)
- A. Netskope Cloud Confidence Index
- B. Netskope SaaS Security Posture Management
- C. Netskope Risk Insights
- D. Netskope Continuous Security Assessment
正解:B、D
解説:
Explanation
To continuously detect and enforce compliance standards for their Microsoft 365 and Azure applications, the customer needs to use Netskope SaaS Security Posture Management (SSPM) and Netskope Continuous Security Assessment (CSA). Netskope SSPM allows the customer to monitor, assess, and act on security, permission, and access related issues in their SaaS environment, such as Microsoft 365. Netskope SSPM continuously checks security posture by comparing SaaS app settings with security policies and industry benchmarks (CIS, PCI-DSS, NIST, HIPAA, CSA, GDPR, AIPCA, ISO, and more). It also provides visibility and control over third-party apps that are connected to the managed apps1. Netskope CSA allows the customer to discover, audit, and remediate misconfigurations in their IaaS environment, such as Azure. Netskope CSA continuously monitors and audits cloud configurations against industry standards, CIS benchmarks, and regulatory frameworks. It also provides real-time inline protection to secure public clouds from threats and data loss2. Therefore, options A and D are correct and the other options are incorrect. References: SaaS Security Posture Management - Netskope, Public Cloud Security Solutions - Netskope
質問 # 48
After deploying the Netskope client to a number of devices, users report that the Client status indicates
"Admin Disabled". User and gateway information is displayed correctly in the client configuration dialog Why are clients installing in an "Admin Disabled" state in this scenario?
- A. The user's identity is not synchronized to Netskope.
- B. The user's account has no mail ID attribute In Active Directory.
- C. The user's password was incorrect during enrollment.
- D. All devices were previously disabled by the administrator.
正解:D
解説:
Explanation
The Netskope client can be disabled by the administrator from the Netskope console. This is useful for troubleshooting or maintenance purposes. When the client is disabled by the administrator, it shows the status as "Admin Disabled" and does not apply any policies or steer any traffic. The user cannot enable the client unless the administrator enables it from the console. The other options are not valid reasons for the client to be in an "Admin Disabled" state. References: Netskope Client Status 1, Enable or Disable Netskope Client 2
質問 # 49
Review the exhibit.
You receive a service request from a user who indicates that theirNetskope client is in a disabled state. The exhibit shows an excerpt (rom the affected client nsdebuglog.log.
What is the problem in this scenario?
- A. User authentication failed during IdP-based enrollment.
- B. Custom installation parameters are incorrectly specified
- C. The Netskope client connection is being decrypted.
- D. The user's account has not been provisioned into Netskope.
正解:C
解説:
Explanation
The problem in this scenario is that the Netskope client connection is being decrypted by a network security device. This is evident from the log message "ERROR SSL certificate verification failed: self signed certificate in certificate chain". This means that the Netskope client is receiving a certificate that is not issued by Netskope, but by a device that is intercepting and decrypting the traffic between the client and the Netskope cloud. This can cause the client to fail to download the required configuration and remain in a disabled state1.
Therefore, option B is correct and the other options are incorrect. References: Troubleshooting Netskope Client - Netskope Knowledge Portal, Using Netskope Client - Netskope Knowledge Portal
質問 # 50
A customer wants to deploy the Netskope client on all their employee laptops to protect all Web traffic when users are working from home. However, users are required to work from their local offices at least one day per week. Management requests that users returning to the office be able to transparently leverage the local security stack without any user intervention.
Which two statements are correct in this scenario? (Choose two.)
- A. You must allow users to unenroll In the client configuration.
- B. You must configure IPsec/GRE tunnels on the local network to steer traffic to Netskope.
- C. Youmust disable Dynamic Steering in the traffic steering profile.
- D. You must enable On-premises Detection in the client configuration.
正解:C、D
解説:
Explanation
To allow users to transparently leverage the local security stack when they return to the office, you need to follow these two statements: A. You must enable On-premises Detection in the client configuration and C.
You must disable Dynamic Steering in the traffic steering profile. On-premises Detection is a feature that allows the Netskope client to detect whether it is on-premises or off-premises based on a DNS or HTTP probe. You need to enable On-premises Detection in the client configuration and specify a domain name or an HTTP address that is only accessible from your local network3. Dynamic Steering is a feature that allows you to steer different types of traffic differently based on various criteria such as user group, location, category, etc. You need to disable Dynamic Steering in the traffic steering profile or create an exception for your local network to bypass Netskope and use your local security stack4. Therefore, options A and C are correct and the other options are incorrect. References: Client Configuration - Netskope Knowledge Portal, Dynamic Steering
- Netskope Knowledge Portal
質問 # 51
Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.
In this scenario, which two deployment options would you use? (Choose two.)
- A. Deploy the Netskope client with Microsoft GPO.
- B. Deploy the Netskope client with SCCM.
- C. Deploy the Netskope client using an email Invitation.
- D. Deploy the Netskope client using IdP.
正解:A、B
解説:
Explanation
To deploy the Netskope client to all company users on Windows laptops without user intervention, you can use either SCCM or GPO. These are two methods of packaging the application and pushing it silently to the user's device using Microsoft tools4. These methods donot require the user to have local admin privileges or to initiate the installation themselves. They also allow enforcing the use of the client through company policy. The Netskope client can authenticate the user using Azure ADFS as the identity provider, as long as the UPN of the logged in user matches the directory5
質問 # 52
A city uses many types of forms, including permit applications. These forms contain personal and financial information of citizens. Remote employees download these forms and work directly with the citizens to complete them. The city wants to be able to identify and monitor the specific forms and block the employees from downloading completed forms.
Which feature would you use to accomplish this task?
- A. regular expressions (regex)
- B. exact data match (EDM)
- C. document fingerprinting
- D. optical character recognition (OCR)
正解:C
解説:
Explanation
To identify and monitor the specific forms used by the city and block the employees from downloading completed forms, you need to use document fingerprinting. Document fingerprinting is a feature that allows you to create a unique signature for a document based on its content and structure. You can then use this signature to match other documents that are similar or identical to the original document3. You can create a document fingerprinting profile in Netskope by uploading a sample document or selecting one from your cloud services4. You can then use this profile in your data protection policies to apply actions such as block, alert, or quarantine to the documents that match the fingerprint5. Therefore, option C is correct and the other options are incorrect. References: Document Fingerprinting - Netskope Knowledge Portal, Create a Document Fingerprinting Profile - Netskope Knowledge Portal, Add a Policy for Data Protection - Netskope Knowledge Portal
質問 # 53
......
合格させるNetskope NSK200試験最速合格にはFast2test:https://jp.fast2test.com/NSK200-premium-file.html