Netskope NSK200 Netskope Certified Cloud Security Integrator NCCSI Exam Practice Test

Page: 1 / 14
Total 93 questions
Question 1

You want to prevent a document stored in Google Drive from being shared externally with a public link. What would you configure in Netskope to satisfy this requirement?



Answer : B

To prevent a document stored in Google Drive from being shared externally with a public link, you need to configure an API Data Protection policy in Netskope.An API Data Protection policy allows you to discover, classify, and protect data that is already resident in your cloud services, such as Google Drive1. You can create a policy that matches the documents you want to protect based on criteria such as users, content, activity, or DLP profiles.Then, you can choose an action to prevent the documents from being shared externally, such as remove external collaborators, remove public links, or quarantine2. Therefore, option B is correct and the other options are incorrect.Reference:API Data Protection - Netskope Knowledge Portal,Add a Policy for API Data Protection - Netskope Knowledge Portal


Question 2

Review the exhibit.

You want to discover new cloud applications in use within an organization.

Referring to the exhibit, which three methods would accomplish this task? (Choose three.)



Answer : B, C, E

To discover new cloud applications in use within an organization, three methods that would accomplish this task are B. Deploy an On-Premises Log Parser (OPLP), C. Use forward proxy steering methods to direct cloud traffic to Netskope, and E. Upload firewall or proxy logs directly into the Netskope platform. An On-Premises Log Parser (OPLP) is a software component that allows you to parse logs from your on-premises firewall or proxy devices and send them to the Netskope cloud for analysis and reporting.You can deploy an OPLP on a Linux server in your network and configure it to connect to your log sources and upload logs periodically or in real time3. A forward proxy steering method is a way of directing your web traffic from your users' devices or browsers to the Netskope cloud for inspection and policy enforcement.You can use forward proxy steering methods such as PAC file, VPN, or inline proxy to steer traffic to Netskope and discover new cloud applications in use4. Uploading firewall or proxy logs directly into the Netskope platform is a way of manually sending logs from your log sources to the Netskope cloud for analysis and reporting.You can upload firewall or proxy logs directly into the Netskope platform by going to SkopeIT > Settings > Log Upload > New Log Upload and selecting the log source type, file format, log file, and time zone5. Therefore, options B, C, and E are correct and the other options are incorrect.Reference:On-Premises Log Parser - Netskope Knowledge Portal,Traffic Steering - Netskope Knowledge Portal,Upload Firewall or Proxy Logs Directly into the Platform - Netskope Knowledge Portal


Question 3

You are implementing tenant access security and governance controls for privileged users. You want to start with controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration.

Which three access controls would you use in this scenario? (Choose three.)



Answer : A, B, C

To implement tenant access security and governance controls for privileged users, you can use the following access controls that are natively available within the Netskope Cloud Security Platform and do not require external or third-party integration:

IP allowlisting to control access based upon source IP addresses.This allows you to specify the IP addresses that are allowed to access your Netskope tenant2. This can prevent unauthorized access from unknown or malicious sources.

Login attempts to set the number of failed attempts before the admin user is locked out of the UI.This allows you to configure how many times an admin can enter an incorrect password before being locked out for a specified period of time3. This can prevent brute-force attacks or password guessing attempts.

Applying predefined or custom roles to limit the admin's access to only those functions required for their job.This allows you to assign different levels of permissions and access rights to different admins based on their roles and responsibilities4. This can enforce the principle of least privilege and reduce the risk of misuse or abuse of admin privileges. Therefore, options A, B, and C are correct and the other options are incorrect.Reference:Secure Tenant Configuration and Hardening - Netskope Knowledge Portal,Admin Settings - Netskope Knowledge Portal,Create Roles - Netskope Knowledge Portal


Question 4

Your company has Microsoft Azure ADFS set up as the Identity Provider (idP). You need to deploy the Netskope client to all company users on Windows laptops without user intervention.

In this scenario, which two deployment options would you use? (Choose two.)



Answer : A, B

To deploy the Netskope client to all company users on Windows laptops without user intervention, you can use either SCCM or GPO.These are two methods of packaging the application and pushing it silently to the user's device using Microsoft tools4. These methods do not require the user to have local admin privileges or to initiate the installation themselves. They also allow enforcing the use of the client through company policy.The Netskope client can authenticate the user using Azure ADFS as the identity provider, as long as the UPN of the logged in user matches the directory5


Question 5

You discover the ongoing use of the native Dropbox client in your organization. Although Dropbox is not a corporate-approved application, you do not want to prevent the use of Dropbox. You do, however, want to ensure visibility into its usage.



Answer : D

To allow the usage of Dropbox while maintaining visibility, create a new tenant steering exception of type 'Destination Locations' for Dropbox. This will enable traffic visibility for Dropbox while avoiding a block, as requested.


Question 6

After deploying the Netskope client to a number of devices, users report that the Client status indicates "Admin Disabled". User and gateway information is displayed correctly in the client configuration dialog

Why are clients installing in an "Admin Disabled" state in this scenario?



Answer : A

The Netskope client can be disabled by the administrator from the Netskope console. This is useful for troubleshooting or maintenance purposes. When the client is disabled by the administrator, it shows the status as ''Admin Disabled'' and does not apply any policies or steer any traffic. The user cannot enable the client unless the administrator enables it from the console.The other options are not valid reasons for the client to be in an ''Admin Disabled'' state.Reference: Netskope Client Status1, Enable or Disable Netskope Client2


Question 7

Review the exhibit.

Your company uses Google as the corporate collaboration suite; however, corporate policy restricts the use of personal Google services. The exhibit provides a partially completed policy to ensure that users cannot log into their personal account.

What should be added to achieve the desired outcome in this scenario?



Answer : B

In order to restrict users from logging into their personal Google accounts, the policy should include a user constraint. This will ensure that only users with corporate accounts can access the corporate collaboration suite. The user constraint can be added by selecting the ''User'' option in the ''Source'' field and then choosing the appropriate user group or identity provider. The other options are not relevant for this scenario.Reference: [Creating a Policy to Block Personal Google Services], [Policy Creation], [User Constraint]


Page:    1 / 14   
Total 93 questions