You investigate a suspected malware incident and confirm that it was a false alarm.
D
Explanation:
A file filter is a list of file hashes that you can use to exclude files from inspection by Netskope. By
adding the hash of the file that triggered a false alarm to the file filter, you can prevent it from being
scanned again by Netskope and avoid generating another incident. Quarantining the file, exporting
the packet capture, or looking up the hash at VirusTotal are not effective ways to prevent the same
file from triggering another incident, as they do not affect how Netskope handles the
file. Reference:
Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course
,
Module 6: Data Loss Prevention, Lesson 2: File Filters.
Which two common security frameworks are used today to assess and validate a vendor's security
practices? (Choose two.)
B, C
Explanation:
The Building Security in Maturity Model (BSIMM) is a framework that measures and compares the
security activities of different organizations. It helps organizations to assess their current security
practices and identify areas for improvement. ISO 27001 is an international standard that specifies
the requirements for establishing, implementing, maintaining, and improving an information
security management system. It helps organizations to manage their information security risks and
demonstrate their compliance with best practices. Data Science Council of America (DASCA) is not a
security framework, but a credentialing body for data science professionals. NIST Cybersecurity
Framework (NIST CSF) is a security framework, but it is not commonly used to assess and validate a
vendor’s security practices, as it is more focused on improving the cybersecurity of critical
infrastructure sectors in the United States. Reference: [BSIMM], [ISO 27001], [DASCA], [NIST CSF].
You have applied a DLP Profile to block all Personally Identifiable Information data uploads to
Microsoft 365 OneDrive. DLP Alerts are not displayed and no OneDrive-related activities are
displayed in the Skope IT App Events table.
In this scenario, what are two possible reasons for this issue? (Choose two.)
AB
Explanation:
If the Cloud Storage category is in the Steering Configuration as an exception, then Netskope will not
steer any traffic to or from cloud storage applications, such as Microsoft 365 OneDrive, to its
platform. This means that Netskope will not be able to inspect or apply any policies to this traffic,
including DLP policies. Similarly, if the destination domain is excluded from decryption in the
decryption policy, then Netskope will not decrypt any traffic to or from that domain, such as
onedrive.com. This means that Netskope will not be able to inspect or apply any policies to this
traffic, including DLP policies. The location of the Netskope POP or the use of IPsec as a steering
option do not affect the application of DLP policies, as long as Netskope can steer and decrypt the
relevant traffic. Reference:
Netskope Security Cloud Operation & Administration (NSCO&A) -
Classroom Course
, Module 3: Steering Configuration, Lesson 1: Steering Options and Lesson 2:
Exceptions; Module 4: Decryption Policy, Lesson 1: Decryption Policy Overview and Lesson 2:
Decryption Policy Configuration.
: https://www.bsimm.com/ : https://www.iso.org/isoiec-27001-information-security.html :
https://www.dasca.org/ : https://www.nist.gov/cyberframework
A customer changes CCI scoring from the default objective score to another score. In this scenario,
what would be a valid reason for making this change?
B
Explanation:
The CCI scoring is a way to measure the security posture of cloud applications based on a set of
criteria and weights. The default objective score is calculated by Netskope using industry best
practices and standards. However, customers can change the CCI scoring to suit their own business
needs and risk appetite. For example, a customer may want to place a higher business risk weight on
vendors that claim ownership of their data, as this may affect their data sovereignty and privacy
rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own
security requirements and preferences. Changing the CCI scoring for other reasons, such as
discovering a new SaaS application, punishing an application vendor, or using an application under
research, would not be valid, as they do not align with the purpose and methodology of the CCI
scoring. Reference:
Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom
Course
, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.
What are two use cases for Netskope's DLP solution? (Choose two.)
A, D
Explanation:
Netskope’s DLP solution is a powerful tool that can help customers protect their sensitive data from
unauthorized access, exposure, or loss. One use case for Netskope’s DLP solution is to stop
unintentional data movement, such as accidental uploads, downloads, or sharing of confidential files
or information to or from cloud applications. Another use case for Netskope’s DLP solution is to
ensure regulatory compliance, such as GDPR, HIPAA, PCI-DSS, or other industry-specific standards
that require data protection and privacy measures. Netskope’s DLP solution can help customers
comply with these regulations by detecting and preventing data breaches, enforcing encryption
policies, applying data retention rules, and generating audit reports. Detecting malware in files
before they are uploaded to a cloud application or detecting sensitive data in password protected
files are not use cases for Netskope’s DLP solution, as they are more related to threat protection or
file inspection capabilities. Reference:
Netskope Security Cloud Operation & Administration
(NSCO&A) - Classroom Course
, Module 6: Data Loss Prevention, Lesson 1: DLP Overview.
What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)
A, D
Explanation:
A Netskope Virtual Appliance is a software-based appliance that can be deployed on-premises or in
the cloud to provide various functions and features for the Netskope Security Cloud platform. One
use for deploying a Netskope Virtual Appliance is as an endpoint for Netskope Private Access (NPA),
which is a service that allows users to securely access private applications without exposing them to
the internet or using VPNs. Another use for deploying a Netskope Virtual Appliance is as a Secure
Forwarder to steer traffic from on-premises devices or networks to the Netskope platform for
inspection and policy enforcement. Using a Netskope Virtual Appliance as a local reverse-proxy to
secure a SaaS application or as a log parser to discover in-use cloud applications are not valid uses, as
these functions are performed by other components of the Netskope Security Cloud platform, such
as the Cloud Access Security Broker (CASB) or the Cloud XD engine. Reference:
Netskope Security
Cloud Operation & Administration (NSCO&A) - Classroom Course
, Module 2: Architecture Overview;
[Netskope Private Access]; [Netskope Secure Forwarder].
You are working with a large retail chain and have concerns about their customer dat
a. You want to protect customer credit card data so that it is never exposed in transit or at rest. In this
scenario, which regulatory compliance standard should be used to govern this data?
B
Explanation:
PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security
requirements for organizations that handle credit card data. It aims to protect cardholder data from
unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of
security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If
you are working with a large retail chain and have concerns about their customer data, you should
use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO
27001 are not specific to credit card data protection, although they may have some relevance to
general security practices. Reference: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].
You need to block all users from uploading data files into risky collaboration applications. Which
element must you configure within Netskope's CASB to accomplish this task?
B
Explanation:
A real-time policy is a type of policy in Netskope’s CASB that allows you to control the actions that
users can perform on cloud applications in real time. You can use a real-time policy to block all users
from uploading data files into risky collaboration applications by specifying the following elements:
the application category (such as Collaboration), the activity (such as Upload), the file type (such as
Data), the risk level (such as High or Very High), and the action (such as Block). A DLP rule, a DLP
profile, and a block notification are not sufficient to accomplish this task, as they are either sub-
components or outcomes of a real-time policy. Reference:
Netskope Security Cloud Operation &
Administration (NSCO&A) - Classroom Course
, Module 5: Real-Time Policies, Lesson 1: Real-Time
Policy Overview and Lesson 2: Real-Time Policy Configuration.
Which three security controls are offered by the Netskope Cloud platform? (Choose three.)
BCE
Explanation:
Three security controls that are offered by the Netskope Cloud platform are: C. cloud security
posture management, E. threat protection, and B. data loss prevention for SMTP.
Cloud security posture management is a service that provides continuous assessment and
remediation of public cloud deployments for risks, threats, and compliance issues. Netskope CSPM
leverages the APIs available from cloud service providers such as AWS, Azure, and GCP to scan the
cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted
data, etc. Netskope CSPM also provides security posture policies, profiles, and rules that can be
customized to match the security standards and best practices of the organization or industry.
Threat protection is a capability to detect and block malware, ransomware, phishing, and other cyber
threats that may compromise cloud data or users. Netskope threat protection uses advanced
techniques such as machine learning, sandboxing, threat intelligence, and behavioral analysis to
identify and prevent malicious activities in real time.
Netskope threat protection also integrates with
third-party solutions such as antivirus engines, firewalls, SIEMs, etc., to provide comprehensive
defense across the cloud and web1
.
Data loss prevention for SMTP is a feature that allows you to protect sensitive data that is sent or
received via email. Netskope DLP for SMTP can scan email messages and attachments for predefined
or custom data patterns, such as credit card numbers, social security numbers, health records, etc.,
and apply appropriate actions, such as block, quarantine, encrypt, notify, etc., based on the DLP
policies.
Netskope DLP for SMTP can also support multiple email domains and routing rules for
different groups of users2
.
You want to use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for
Business application to find sensitive content, enforce near real-time policy controls, and quarantine
malware.
In this scenario, which primary function in the Netskope platform would you use to connect your
application to Netskope?
D
Explanation:
SaaS API-enabled Protection is a primary function in the Netskope platform that allows customers to
connect their sanctioned SaaS applications to Netskope using out-of-band API connections. This
enables customers to find sensitive content, enforce near real-time policy controls, and quarantine
malware in their SaaS applications without affecting user experience or performance. If you want to
use an out-of-band API connection into your sanctioned Microsoft 365 OneDrive for Business
application to achieve these goals, you should use SaaS API-enabled Protection as the primary
function in the Netskope platform. DLP forensics, Risk Insights, and IaaS API-enabled Protection are
not primary functions in the Netskope platform that can be used to connect your application to
Netskope. Reference: [Netskope SaaS API-enabled Protection].
You need to create a service request ticket for a client-related issue using the Netskope client Ul. In
this scenario, you generate the client logs by right-clicking on the system tray icon and choosing
C
Explanation:
To create a service request ticket for a client-related issue using the Netskope client UI, you need to
generate the client logs by right-clicking on the system tray icon and choosing Troubleshoot. This will
open a window where you can select the option to Save Logs, which will create a zip file containing
the client logs. You can then attach this file to your service request ticket and provide any relevant
details about the issue. Choosing Save logs, Configuration, or Help will not generate the client logs,
as they perform different functions, such as saving the current configuration, opening the settings
menu, or opening the help page. Reference: [Netskope Client Troubleshooting].
What are two characteristics of Netskope's Private Access Solution? (Choose two.)
AB
Explanation:
Netskope’s Private Access Solution is a service that allows users to securely access private
applications without exposing them to the internet or using VPNs. It provides protection for private
applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It
also provides access to private applications by creating a secure tunnel between the user’s device
and the application’s server, regardless of their location or network. It does not act as a cloud-based
firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-
premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of
points of presence (POPs). Reference: [Netskope Private Access].
You are required to mitigate malicious scripts from being downloaded into your corporate devices
every time a user goes to a website. Users need to access websites from a variety of categories,
including new websites.
Which two actions would help you accomplish this task while allowing the user to work? (Choose
two.)
B, C
Explanation:
To mitigate malicious scripts from being downloaded into your corporate devices every time a user
goes to a website, you need to use Netskope’s threat protection features to block or isolate
potentially harmful web traffic. Two actions that would help you accomplish this task while allowing
the user to work are: block malware detected on download activity for all remaining categories and
block known bad websites and enable RBI to uncategorized domains. The first action will prevent any
files that contain malware from being downloaded to your devices from any website category, except
those that are explicitly allowed or excluded by your policies. The second action will prevent any
websites that are classified as malicious or phishing by Netskope from being accessed by your users
and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have
not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a
virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the
website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a
limited amount of domains and block everything else are not effective actions, as they may either
limit the user’s productivity or expose them to unknown risks. Reference: [Netskope Threat
Protection], [Netskope Remote Browser Isolation].
A customer asks you to create several real-time policies. Policy A generates alerts when any user
downloads, uploads, or shares files on a cloud storage application. Policy B blocks users from
downloading files from any operating system (OS) other than Mac or Windows for cloud storage. In
this case, policy A is least restrictive and policy B is more restrictive.
Which statement is correct in this scenario?
B
Explanation:
In this scenario, policy B is more restrictive than policy A, as it blocks users from downloading files
from any OS other than Mac or Windows for cloud storage, while policy A only generates alerts when
any user downloads, uploads, or shares files on a cloud storage application. Therefore, policy B
should be implemented before policy A, as the policy order determines the order of evaluation and
enforcement of the policies. If policy A is implemented before policy B, then policy B will never be
triggered, as policy A will match all the download activities for cloud storage and generate alerts. The
policy order is important; policies are not independent of each other, as they may have overlapping
or conflicting conditions and actions. These two policies would actually work together, as long as
they are ordered correctly. Reference:
Netskope Security Cloud Operation & Administration
(NSCO&A) - Classroom Course
, Module 5: Real-Time Policies, Lesson 3: Policy Order.
A company is attempting to steer traffic to Netskope using GRE tunnels. They notice that after the
initial configuration, users cannot access external websites from their browsers.
What are three probable causes for this issue? (Choose three.)
BCD
Explanation:
In this scenario, there are three probable causes for the issue of users not being able to access
external websites from their browsers after attempting to steer traffic to Netskope using GRE
tunnels. One cause is that the configured GRE peer in the Netskope platform is incorrect, which
means that the Netskope POP that is supposed to receive the GRE traffic from the customer’s
network is not matching the IP address of the customer’s router that is sending the GRE traffic. This
will result in a failure to establish a GRE tunnel between the customer and Netskope. Another cause
is that the corporate firewall might be blocking GRE traffic, which means that the firewall rules are
not allowing the GRE protocol (IP protocol number 47) or the UDP port 4789 (for VXLAN
encapsulation) to pass through. This will result in a failure to send or receive GRE packets between
the customer and Netskope. A third cause is that the route map was applied to the wrong router
interface, which means that the configuration that specifies which traffic should be steered to
Netskope using GRE tunnels was not applied to the correct interface on the customer’s router. This
will result in a failure to steer the desired traffic to Netskope. The pre-shared key for the GRE tunnel
is incorrect is not a probable cause for this issue, as GRE tunnels do not use pre-shared keys for
authentication or encryption. Netskope does support GRE tunnels, so this is not a cause for this issue
either. Reference: [Netskope Secure Forwarder],
Netskope Security Cloud Operation &
Administration (NSCO&A) - Classroom Course
, Module 3: Steering Configuration, Lesson 3: Secure
Forwarder.