You need to create a service request ticket for a client-related issue using the Netskope client Ul. In
this scenario, you generate the client logs by right-clicking on the system tray icon and choosing
C
Explanation:
To create a service request ticket for a client-related issue using the Netskope client UI, you need to
generate the client logs by right-clicking on the system tray icon and choosing Troubleshoot. This will
open a window where you can select the option to Save Logs, which will create a zip file containing
the client logs. You can then attach this file to your service request ticket and provide any relevant
details about the issue. Choosing Save logs, Configuration, or Help will not generate the client logs,
as they perform different functions, such as saving the current configuration, opening the settings
menu, or opening the help page. Reference: [Netskope Client Troubleshooting].
What are two characteristics of Netskope's Private Access Solution? (Choose two.)
AB
Explanation:
Netskope’s Private Access Solution is a service that allows users to securely access private
applications without exposing them to the internet or using VPNs. It provides protection for private
applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It
also provides access to private applications by creating a secure tunnel between the user’s device
and the application’s server, regardless of their location or network. It does not act as a cloud-based
firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-
premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of
points of presence (POPs). Reference: [Netskope Private Access].
You are required to mitigate malicious scripts from being downloaded into your corporate devices
every time a user goes to a website. Users need to access websites from a variety of categories,
including new websites.
Which two actions would help you accomplish this task while allowing the user to work? (Choose
two.)
B, C
Explanation:
To mitigate malicious scripts from being downloaded into your corporate devices every time a user
goes to a website, you need to use Netskope’s threat protection features to block or isolate
potentially harmful web traffic. Two actions that would help you accomplish this task while allowing
the user to work are: block malware detected on download activity for all remaining categories and
block known bad websites and enable RBI to uncategorized domains. The first action will prevent any
files that contain malware from being downloaded to your devices from any website category, except
those that are explicitly allowed or excluded by your policies. The second action will prevent any
websites that are classified as malicious or phishing by Netskope from being accessed by your users
and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have
not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a
virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the
website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a
limited amount of domains and block everything else are not effective actions, as they may either
limit the user’s productivity or expose them to unknown risks. Reference: [Netskope Threat
Protection], [Netskope Remote Browser Isolation].
A customer asks you to create several real-time policies. Policy A generates alerts when any user
downloads, uploads, or shares files on a cloud storage application. Policy B blocks users from
downloading files from any operating system (OS) other than Mac or Windows for cloud storage. In
this case, policy A is least restrictive and policy B is more restrictive.
Which statement is correct in this scenario?
B
Explanation:
In this scenario, policy B is more restrictive than policy A, as it blocks users from downloading files
from any OS other than Mac or Windows for cloud storage, while policy A only generates alerts when
any user downloads, uploads, or shares files on a cloud storage application. Therefore, policy B
should be implemented before policy A, as the policy order determines the order of evaluation and
enforcement of the policies. If policy A is implemented before policy B, then policy B will never be
triggered, as policy A will match all the download activities for cloud storage and generate alerts. The
policy order is important; policies are not independent of each other, as they may have overlapping
or conflicting conditions and actions. These two policies would actually work together, as long as
they are ordered correctly. Reference:
Netskope Security Cloud Operation & Administration
(NSCO&A) - Classroom Course
, Module 5: Real-Time Policies, Lesson 3: Policy Order.
A company is attempting to steer traffic to Netskope using GRE tunnels. They notice that after the
initial configuration, users cannot access external websites from their browsers.
What are three probable causes for this issue? (Choose three.)
BCD
Explanation:
In this scenario, there are three probable causes for the issue of users not being able to access
external websites from their browsers after attempting to steer traffic to Netskope using GRE
tunnels. One cause is that the configured GRE peer in the Netskope platform is incorrect, which
means that the Netskope POP that is supposed to receive the GRE traffic from the customer’s
network is not matching the IP address of the customer’s router that is sending the GRE traffic. This
will result in a failure to establish a GRE tunnel between the customer and Netskope. Another cause
is that the corporate firewall might be blocking GRE traffic, which means that the firewall rules are
not allowing the GRE protocol (IP protocol number 47) or the UDP port 4789 (for VXLAN
encapsulation) to pass through. This will result in a failure to send or receive GRE packets between
the customer and Netskope. A third cause is that the route map was applied to the wrong router
interface, which means that the configuration that specifies which traffic should be steered to
Netskope using GRE tunnels was not applied to the correct interface on the customer’s router. This
will result in a failure to steer the desired traffic to Netskope. The pre-shared key for the GRE tunnel
is incorrect is not a probable cause for this issue, as GRE tunnels do not use pre-shared keys for
authentication or encryption. Netskope does support GRE tunnels, so this is not a cause for this issue
either. Reference: [Netskope Secure Forwarder],
Netskope Security Cloud Operation &
Administration (NSCO&A) - Classroom Course
, Module 3: Steering Configuration, Lesson 3: Secure
Forwarder.
What are two fundamental differences between the inline and API implementation of the Netskope
platform? (Choose two.)
BC
Explanation:
The inline and API implementation of the Netskope platform are two different ways of connecting
cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences
between them are: The API implementation can only be used with sanctioned applications, which
are applications that are approved and authorized by the organization for business use. The API
implementation relies on using out-of-band API connections to access data and events from these
applications and apply near real-time policies. The inline implementation can effectively block a
transaction in both sanctioned and unsanctioned applications, which are applications that are not
approved or authorized by the organization for business use. The inline implementation relies on
using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications
and apply real-time policies. The API implementation can be used with both sanctioned and
unsanctioned applications and the inline implementation can only effectively block a transaction in
sanctioned applications are not true statements, as they contradict the actual capabilities and
limitations of each implementation method. Reference: [Netskope SaaS API-enabled Protection],
[Netskope Inline CASB].
Your company asks you to obtain a detailed list of all events from the last 24 hours for a specific user.
In this scenario, what are two methods to accomplish this task? (Choose two.)
BC
Explanation:
In this scenario, there are two methods to obtain a detailed list of all events from the last 24 hours
for a specific user. One method is to export the data from Skope IT Application Events, which is a
feature in the Netskope platform that allows you to view and analyze all the activities performed by
users on cloud applications. You can use filters to narrow down your search by user name, time
range, application, activity, and other criteria. You can then export the data to a CSV or JSON file for
further analysis or reporting. Another method is to use the Netskope REST API, which is a
programmatic interface that allows you to access and manipulate data from the Netskope platform
using HTTP requests. You can use the API to query for events by user name, time range, application,
activity, and other parameters. You can then retrieve the data in JSON format for further analysis or
integration with other tools. Using the Netskope reporting engine or exporting the data from Skope
IT Alerts are not methods to obtain a detailed list of all events from the last 24 hours for a specific
user, as they are more suited for generating summary reports or alerts based on predefined criteria
or thresholds, rather than granular event data. Reference: [Netskope Skope IT Application Events],
[Netskope REST API].
Why would you want to define an App Instance?
B
Explanation:
An App Instance is a feature in the Netskope platform that allows you to define and identify different
instances of the same cloud application based on the domain name or URL. For example, you can
define an App Instance for your enterprise Google Drive instance (such as
drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive
instance (such as drive.google.com). This way, you can differentiate between them and apply
different policies and actions based on the App Instance. You would want to define an App Instance
to achieve this level of granularity and control over your cloud application activities. Creating an API
Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced
search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box
instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to
the App Instance feature. Reference:
Netskope Security Cloud Operation & Administration (NSCO&A)
- Classroom Course
, Module 5: Real-Time Policies, Lesson 4: App Instances.
You want to enable Netskope to gain visibility into your users' cloud application activities in an inline
mode.
In this scenario, which two deployment methods would match your inline use case? (Choose two.)
A, D
Explanation:
To enable Netskope to gain visibility into your users’ cloud application activities in an inline mode,
you need to use a deployment method that allows Netskope to intercept and inspect the traffic
between your users and the cloud applications in real time. Two deployment methods that would
match your inline use case are: use a forward proxy and use a reverse proxy. A forward proxy is a
deployment method that allows Netskope to act as a proxy server for your users’ outbound traffic to
the internet. You can configure your users’ devices or browsers to send their traffic to Netskope’s
proxy server, either manually or using PAC files or VPN profiles. A reverse proxy is a deployment
method that allows Netskope to act as a proxy server for your users’ inbound traffic from specific
cloud applications. You can configure your cloud applications to redirect their traffic to Netskope’s
proxy server, either using custom URLs or certificates. Using an API connector or a log parser are not
deployment methods that would match your inline use case, as they are more suitable for out-of-
band modes that rely on accessing data and events from the cloud applications using APIs or logs,
rather than intercepting traffic in real time. Reference: [Netskope Inline CASB],
Netskope Security
Cloud Operation & Administration (NSCO&A) - Classroom Course
, Module 3: Steering Configuration,
Lesson 4: Forward Proxy and Lesson 5: Reverse Proxy.
Which two cloud security and infrastructure enablement technologies does Secure Access Service
Edge (SASE) combine into its unified platform? (Choose two.)
BC
Explanation:
Secure Access Service Edge (SASE) is a cloud-based architecture that combines various cloud security
and infrastructure enablement technologies into a unified platform that delivers security and
networking services from the edge of the network. Two of these technologies are Zero Trust Network
Access (ZTNA) and Cloud Access Security Broker (CASB). ZTNA is a technology that provides secure
access to private applications without exposing them to the internet or using VPNs. It uses identity-
based policies and encryption to grant granular access to authorized users and devices, regardless of
their location or network. CASB is a technology that provides visibility and control over cloud
applications (SaaS) used by users and devices. It uses API connections or inline proxies to inspect and
enforce policies on data and activities in cloud applications, such as data loss prevention, threat
protection, or compliance. Distributed Denial of Service Protection (DDoS) and Unified Threat
Management (UTM) are not technologies that SASE combines into its unified platform, although they
may be related or integrated with some of its components. Reference: [SASE], [ZTNA], [CASB].