1. Home
  2. Netskope
  3. NCCSA
  4. NSK300
  5. Netskope Certified Cloud Security Architect Exam Questions and Answers

Pass the Netskope NCCSA NSK300 Questions and answers with CertsForce

 Netskope Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

You want to verify that Google Drive is being tunneled to Netskope by looking in the nsdebuglog file. You are using Chrome and the Netskope Client to steer traffic. In this scenario, what would you expect to see in the log file?

A)

Question # 1

B)

Question # 1

C)

Question # 1

D)

Question # 1

Options:
A.

Option A

B.

Option B

C.

Option C

D.

Option D

Expert Solution
Questions # 2:

Given the following:

Question # 2

Which result does this Skope IT query provide?

Options:
A.

The query returns all events of user@company.com downloading or uploading to or from the site 'Amazon S3" using the Netskope Client.

B.

The query returns all events of an IP address downloading or uploading to or from Amazon S3 using the Netskope Client.

C.

The query returns all events of everyone except user@company.com downloading or uploading to or from the site "Amazon S3" using the Netskope Client.

D.

The query returns all events of user@company.com downloading or uploading to or from the application "Amazon S3" using the Netskope Client.

Expert Solution
Questions # 3:

A company has deployed Explicit Proxy over Tunnel (EPoT) for their VDI users They have configured Forward Proxy authentication using Okta Universal Directory They have also configured a number of Real-time Protection policies that block access to different Web categories for different AD groups so. for example, marketing users are blocked from accessing gambling sites. During User Acceptance Testing, they see inconsistent results where sometimes marketing users are able to access gambling sites and sometimes they are blocked as expected They are seeing this inconsistency based on who logs into the VDI server first.

What is causing this behavior?

Options:
A.

Forward Proxy is not configured to use the Cookie Surrogate

B.

Forward Proxy is not configured to use the IP Surrogate

C.

Forward Proxy authentication is configured but not enabled.

D.

Forward Proxy is configured to use the Cookie Surrogate

Expert Solution
Questions # 4:

You are using Netskope CSPM for security and compliance audits across your multi-cloud environments. To decrease the load on the security operations team, you are researching how to auto-re mediate some of the security violations found in low-risk environments.

Which statement is correct in this scenario?

Options:
A.

Netskope does not support automatic remediation of security violation results due to the high risk associated with it.

B.

You can use Netskope API-enabled Protection for auto-remediation of security violation results.

C.

You can use Netskope Auto-remediation frameworks from the public Netskope GitHub Open Source repository for auto-re mediation of security violation results.

D.

You can use Netskope Cloud Exchange for auto-remediation of security violation results.

Expert Solution
Questions # 5:

You have multiple networking clients running on an endpoint and client connectivity is a concern. You are configuring co-existence with a VPN solution in this scenario, what is recommended to prevent potential routing issues?

Options:
A.

Configure the VPN to split tunnel traffic by adding the Netskope IP and Google DNS ranges and set to Exclude in the VPN configuration.

B.

Modify the VPN to operate in full tunnel mode at Layer 3. so that the Netskope agent will always see the traffic first.

C.

Configure the VPN to full tunnel traffic and add an SSL Do Not Decrypt policy to the VPN configuration for all Netskope traffic.

D.

Configure a Network Location with the VPN IP ranges and add it as a Steering Configuration exception.

Expert Solution
Questions # 6:

What are three valid Instance Types for supported SaaS applications when using Netskope's API-enabled Protection? (Choose three.)

Options:
A.

Forensic

B.

API Data Protection

C.

Behavior Analytics

D.

DLP Scan

E.

Quarantine

Expert Solution
Questions # 7:

Review the exhibit.

Question # 7

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company's internal certificate authority for SSL certificates.

Which three statements describe ways to solve this issue? (Choose three.)

Options:
A.

Import the root certificate for your internal certificate authority into Netskope.

B.

Bypass SSL inspection for the affected site(s).

C.

Create a Real-time Protection policy to allow access.

D.

Change the SSL Error Settings from Block to Bypass in the Netskope tenant.

E.

Instruct the user to proceed past the error message

Expert Solution
Questions # 8:

You jus! deployed and registered an NPA publisher for your first private application and need to provide access to this application for the Human Resources (HR) users group only. How would you accomplish this task?

Options:
A.

1. Enable private app steering in the Steering Configuration assigned to the HR group.

2. Create a new Private App.

3. Create a new Real-time Protection policy as follows;

Source = HR user group Destination = Private App Action = Allow

B.

1. Create a new private app and assign it to the HR user group.

2. Create a new Real-time Protection policy as follows:

Source = HR user group Destination = Private App Action = Allow.

C.

1. Enable private app steering in Tenant Steering Configuration.

2. Create a new private app and assign it to the HR user group.

D.

1. Enable private app steering in the Steering Configuration assigned to the HR group.

2. Create a new private app and assign it to the HR user group

3. Create a new Real-time Protection policy as follows:

Source = HR user group Destination = Private App Action = Allow

Expert Solution
Questions # 9:

Review the exhibit.

Question # 9

You installed Directory Importer and configured it to import specific groups ot users into your Netskope tenant as shown in the exhibit. One hour after a new user has been added to the domain, the user still has not been provisioned to Netskope.

What are three potential reasons for this failure? (Choose three.)

Options:
A.

Directory Importer does not support ongoing user syncs; you must manually provision the user.

B.

The server that the Directory Importer is installed on is unable to reach Netskope's add-on endpomt.

C.

The user is not a member of the group specified as a filter

D.

Active Directory integration is not enabled on your tenant.

E.

The default collection interval is 180 minutes, therefore a sync may not have run yet.

Expert Solution
Questions # 10:

You configured a pair of IPsec funnels from the enterprise edge firewall to a Netskope data plane. These tunnels have been implemented to steer traffic for a set of defined HTTPS SaaS applications accessed from end-user devices that do not support the Netskope Client installation. You discover that all applications steered through this tunnel are non-functional.

According to Netskope. how would you solve this problem?

Options:
A.

Restart the tunnel to stop the tunnel from flapping.

B.

Downgrade from IKE v2 to IKE v1.

C.

Install the Netskope root and intermediate certificates on the end-user devices.

D.

Disable Perfect Forward Secrecy on the tunnel configuration.

Expert Solution
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions