
[2024年10月23日] 最新版を今すぐ試そうNSK101練習テスト問題解答
NSK101問題集と試験テストエンジン
質問 # 17
What are two correct methods to gather logs from the Netskope Client? (Choose two.)
- A. Search for the systeminfo.log file in Explorer and submit the results.
- B. Open the Netskope Client application and click the Advanced Debugging button.
- C. Right-click on the Netskope task tray icon and click Save Logs...
- D. From the Netskope Console in the device detail view, select Collect Log.
正解:C、D
解説:
From the Netskope Console in the device detail view, select Collect Log:
Step 1: Access the Netskope Admin Console.
Step 2: Navigate to the specific device detail view.
Step 3: Locate and select the "Collect Log" option.
Reference:
Right-click on the Netskope task tray icon and click Save Logs...:
Step 1: Go to the device running the Netskope Client.
Step 2: Locate the Netskope icon in the task tray.
Step 3: Right-click on the Netskope icon.
Step 4: Select "Save Logs..." from the context menu.
Netskope Knowledge Portal: Detailed guides on collecting logs via the Netskope Console and client applications.
質問 # 18
A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?
- A. The customer's organization uses a SaaS application that is currently listed as "under research".
- B. The customer wants to punish an application vendor for providing poor customer service.
- C. The customer's organization places a higher business risk weight on vendors that claim ownership of their data.
- D. The customer has discovered a new SaaS application that is not yet rated in the CCI database.
正解:C
解説:
The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer's own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring. Reference: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.
質問 # 19
How does a cloud security solution achieve visibility into TLS/SSL-protected Web traffic?
- A. by using government-issued universal decryption keys for the ciphers
- B. by altering the TLS handshake and forcing the website to use a weak encryption algorithm which can be brute-forced
- C. by performing the TLS handshake on behalf of the website and replacing the site's certificate with its own
- D. by altering the TLS handshake and forcing the website to use insecure (HTTP) access
正解:C
解説:
TLS/SSL Inspection:
* Cloud security solutions achieve visibility into TLS/SSL-protected web traffic through a process known as TLS/SSL interception or inspection.
How It Works:
* The security solution acts as an intermediary (man-in-the-middle) during the TLS handshake.
* When a user initiates a connection to a TLS/SSL-protected website, the security solution intercepts this connection.
* It completes the TLS handshake with the user's device using its own certificate, and simultaneously performs the handshake with the destination website.
Certificate Replacement:
* The security solution decrypts the traffic, inspects it, and then re-encrypts it before forwarding it to the destination website.
* The user's browser trusts the security solution's certificate, which replaces the original website's certificate.
Security Implications:
* This method allows the security solution to inspect encrypted traffic for threats or policy violations
* while maintaining secure communication.
References:
* Detailed explanations and implementation steps can be found in Netskope documentation on SSL/TLS inspection.
質問 # 20
You are required to mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website. Users need to access websites from a variety of categories, including new websites.
Which two actions would help you accomplish this task while allowing the user to work? (Choose two.)
- A. Block known bad websites and enable RBI to uncategorized domains.
- B. Allow the user to browse uncategorized domains but restrict edit activities.
- C. Block malware detected on download activity for all remaining categories.
- D. Allow a limited amount of domains and block everything else.
正解:A、C
解説:
To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope's threat protection features to block or isolate potentially harmful web traffic. Two actions that would help you accomplish this task while allowing the user to work are: block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user's productivity or expose them to unknown risks. Reference: [Netskope Threat Protection], [Netskope Remote Browser Isolation].
質問 # 21
According to Netskope. what are two preferred methods to report a URL miscategorization? (Choose two.)
- A. Use www.netskope.com/url-lookup.
- B. Email [email protected].
- C. Tag Netskope on Twitter.
- D. Use the URL Lookup page in the dashboard.
正解:A、D
解説:
According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing [email protected] or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope. References: [Netskope URL Lookup], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.
質問 # 22
You consume application infrastructure (middleware) capabilities by a third-party provider. What is the cloud service model that you are using in this scenario?
- A. DaaS
- B. PaaS
- C. MaaS
- D. SaaS
正解:B
解説:
If you consume application infrastructure (middleware) capabilities by a third-party provider, then the cloud service model that you are using in this scenario is PaaS, which stands for Platform as a Service. PaaS is a cloud service model that provides customers with a platform to develop, run, and manage applications without having to deal with the underlying infrastructureor software. PaaS typically includes middleware capabilities such as databases, web servers, development tools, integration services, etc., that customers can use to build and deploy their applications faster and easier. MaaS, DaaS, and SaaS are not cloud service models that match this scenario, as they stand for different types of services. MaaS stands for Monitoring as a Service, which is a service that provides customers with tools to monitor and manage their cloud resources and performance.
DaaS stands for Desktop as a Service, which is a service that provides customers with virtual desktops that they can access from any device or location. SaaS stands for Software as a Service, which is a service that provides customers with software applications that they can use over the internet without installing or maintaining them. References: [PaaS], [MaaS], [DaaS], [SaaS].
質問 # 23
Which two statements are correct about Netskope's NewEdge Security Cloud Network Infrastructure?
(Choose two.)
- A. It utilizes virtual POPs for traffic onboarding ensuring low latency.
- B. It utilizes multiple public cloud providers for inline services ensuring high availability and elasticity.
- C. It is a private security cloud network that is over-provisioned, elastic, and built for scale.
- D. It includes direct peering with Microsoft and Google in every data center.
正解:C、D
解説:
Netskope's NewEdge Security Cloud Network Infrastructure is designed to provide high performance, security, and scalability for cloud traffic. The following statements are correct about this infrastructure:
* It includes direct peering with Microsoft and Google in every data center:
* Netskope has established direct peering relationships with major cloud service providers like Microsoft and Google. This direct peering ensures optimized and low-latency connections to these services, improving performance for end-users.
* It is a private security cloud network that is over-provisioned, elastic, and built for scale:
* The NewEdge network is a private security cloud network that is designed to be highly scalable and elastic. It is over-provisioned to handle large volumes of traffic and can scale up as needed to meet demand. This ensures high availability and performance for users accessing cloud services.
References:
* Netskope NewEdge Overview
* Netskope Knowledge Portal: NewEdge Network
質問 # 24
A Netskope administrator wants to create a policy to quarantine files based on sensitive content.
In this scenario, which variable must be included in the policy to achieve this goal?
- A. Cloud Confidence Index level
- B. Threat Protection Profile
- C. DLP Profile
- D. Organizational Unit
正解:C
解説:
To create a policy to quarantine files based on sensitive content in Netskope, you need to include the DLP Profile variable. Here's a detailed explanation of the steps involved:
Access Netskope Admin Console: First, log in to your Netskope admin console.
Navigate to Policies: Go to the Policies section where you can create and manage different types of policies.
Create a New Policy: Click on the option to create a new policy. Select the type of policy you want to create. In this case, it will be a Data Loss Prevention (DLP) policy.
Define Policy Criteria: Define the criteria for your policy. This includes specifying the conditions under which files should be quarantined. You will need to include sensitive content detection as part of the criteria.
Include DLP Profile: The most crucial step is to include a DLP Profile in your policy. The DLP Profile will define the sensitive content that the policy will monitor for. Netskope provides various predefined DLP profiles that you can use, or you can create custom DLP profiles based on your organization's needs.
Set Action to Quarantine: Specify the action to be taken when the policy criteria are met. In this case, you want to quarantine the files. Select the "Quarantine" action from the available options.
Save and Apply Policy: Once you have configured the policy with the DLP profile and action, save the policy and apply it to the relevant users, groups, or organizational units.
Reference:
Netskope Knowledge Portal: Using DLP Profiles and Policies.
質問 # 25
You want to determine which NewEdge data planes that your remote users have been recently using.
Which area of the Netskope Tenant UI would provide this information?
- A. Users page under Settings
- B. Network Steering under Digital Experience Management
- C. Client Steering under Digital Experience Management
- D. Devices page under Settings
正解:C
解説:
* NewEdge Data Planes Monitoring:
To determine which NewEdge data planes your remote users have been using, you need to access the relevant monitoring section in the Netskope Tenant UI.
* Client Steering under Digital Experience Management:
The Client Steering section under Digital Experience Management provides detailed information on how traffic is being steered for remote users.
This section includes insights into the NewEdge data planes being utilized by users.
* Steps:
Navigate to Digital Experience Management in the Netskope Tenant UI.
Select Client Steering to view detailed reports and logs on traffic steering.
Analyze the data to identify the NewEdge data planes used by remote users recently.
* Reference:
For more details on accessing and using the Client Steering section under Digital Experience Management, refer to the Netskope documentation on digital experience management and client steering.
質問 # 26
You want to take into account some recent adjustments to CCI scoring that were made in your Netskope tenant.
In this scenario, which two CCI aspects in the Ul would be used in a real-time protection policy? (Choose two.)
- A. App Tag
- B. CCL
- C. GDPR Readiness
- D. App Score
正解:A、D
解説:
To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50. References: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications
質問 # 27
Your customer has cloud storage repositories containing sensitive files of their partners, including bank statements, consulting, and disclosure agreements. In this scenario, which feature would help them control the flow of these types of documents?
- A. DLP document classifiers
- B. Sandboxing
- C. ZTNA
- D. Netskope Advanced Analytics
正解:A
質問 # 28
A company is attempting to steer traffic to Netskope using GRE tunnels. They notice that after the initial configuration, users cannot access external websites from their browsers.
What are three probable causes for this issue? (Choose three.)
- A. The route map was applied to the wrong router interface.
- B. The pre-shared key for the GRE tunnel is incorrect.
- C. The configured GRE peer in the Netskope platform is incorrect.
- D. Netskope does not support GRE tunnels.
- E. The corporate firewall might be blocking GRE traffic.
正解:A、C、E
解説:
In this scenario, there are three probable causes for the issue of users not being able to access external websites from their browsers after attempting to steer traffic to Netskope using GRE tunnels. One cause is that the configured GRE peer in the Netskope platform is incorrect, which means that the Netskope POP that is supposed to receive the GRE traffic from the customer's network is not matching the IP address of the customer's router that is sending the GRE traffic. This will result in a failure to establish a GRE tunnel between the customer and Netskope. Another cause is that the corporate firewall might be blocking GRE traffic, which means that the firewall rules are not allowing the GRE protocol (IP protocol number 47) or the UDP port 4789 (for VXLAN encapsulation) to pass through. This will result in a failure to send or receive GRE packets between the customer and Netskope. A third cause is that the route map was applied to the wrong router interface, which means that the configuration that specifies which traffic should be steered to Netskope using GRE tunnels was not applied to the correct interface on the customer's router. This will result in a failure to steer the desired traffic to Netskope. The pre-shared key for the GRE tunnel is incorrect is not a probable cause for this issue, as GRE tunnels do not use pre-shared keys for authentication or encryption. Netskope does support GRE tunnels, so this is not a cause for this issue either. Reference: [Netskope Secure Forwarder], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 3: Steering Configuration, Lesson 3: Secure Forwarder.
質問 # 29
Your company asks you to obtain a detailed list of all events from the last 24 hours for a specific user. In this scenario, what are two methods to accomplish this task? (Choose two.)
- A. Use the Netskope REST API.
- B. Use the Netskope reporting engine.
- C. Export the data from Skope IT Application Events.
- D. Export the data from Skope IT Alerts.
正解:A、C
解説:
In this scenario, there are two methods to obtain a detailed list of all events from the last 24 hours for a specific user. One method is to export the data from Skope IT Application Events, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. You can use filters to narrow down your search by user name, time range, application, activity, and other criteria. You can then export the data to a CSV or JSON file for further analysis or reporting. Another method is to use the Netskope REST API, which is a programmatic interface that allows you to access and manipulate data from the Netskope platform using HTTP requests. You can use the API to query for events by user name, time range, application, activity, and other parameters. You can then retrieve the data in JSON format for further analysis or integration with other tools. Using the Netskope reporting engine or exporting the data from Skope IT Alerts are not methods to obtain a detailed list of all events from the last 24 hours for a specific user, as they are more suited for generating summary reports or alerts based on predefined criteria or thresholds, rather than granular event data. Reference: [Netskope Skope IT Application Events], [Netskope REST API].
質問 # 30
Which two capabilities are part of Netskope's Adaptive Zero Trust Data Protection? (Choose two.)
- A. contextual risk awareness
- B. contextual metadata storage
- C. continuous enforcement of all policies
- D. continuous adaptive policies
正解:A、D
解説:
Adaptive Zero Trust Data Protection Overview:
* Netskope's Adaptive Zero Trust Data Protection ensures that data is protected based on continuous risk assessments and adaptive policies that respond to changing contexts and threats.
Contextual Risk Awareness:
* This capability involves understanding the context around data access and usage to assess risk dynamically.
* Netskope leverages various signals such as user behavior, device security posture, location, and other factors to gauge risk levels.
* By continuously evaluating these factors, Netskope can enforce appropriate security measures in real-time.
Continuous Adaptive Policies:
* Policies in the Netskope platform adapt continuously based on the assessed risk and changing contexts.
* These policies are not static; they evolve based on ongoing risk assessments and threat intelligence.
* Adaptive policies ensure that security measures are always aligned with the current threat landscape and organizational requirements.
References:
* For detailed capabilities and how they are implemented, refer to the Netskope documentation on Adaptive Zero Trust Data Protection.
質問 # 31
You want to take into account some recent adjustments to CCI scoring that were made in your Netskope tenant.
In this scenario, which two CCI aspects in the Ul would be used in a real-time protection policy? (Choose two.)
- A. App Tag
- B. CCL
- C. GDPR Readiness
- D. App Score
正解:A、D
解説:
To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50. References: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications
質問 # 32
What are two supported ways to provision users to your customer's Netskope tenant? (Choose two.)
- A. Use the Directory Importer.
- B. Use SCIM.
- C. Use the AD Connector.
- D. Use Microsoft Intune.
正解:B、C
解説:
* AD Connector:
The AD Connector is used to integrate your Netskope tenant with Active Directory (AD) to provision and synchronize user accounts.
It ensures that user information in Netskope is always up-to-date by periodically synchronizing with AD.
To set up the AD Connector:
Navigate to Settings > Tools > Directory Importer.
Configure the AD Connector with your AD details.
Set the synchronization schedule.
This method is commonly used in enterprise environments where AD is the primary user directory.
* SCIM (System for Cross-domain Identity Management):
SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems.
Netskope supports SCIM for provisioning users from identity providers like Okta, Azure AD, and others.
To configure SCIM:
Go to Settings > Tools > SCIM.
Follow the instructions to set up SCIM with your identity provider.
SCIM is beneficial for environments using modern identity management solutions.
* Reference:
For detailed configuration steps and additional information, refer to the Netskope documentation on provisioning users using the AD Connector and SCIM.
質問 # 33
......
2024年最新のFast2test NSK101のPDFで最近更新された問題です:https://jp.fast2test.com/NSK101-premium-file.html