NSK101 Netskope Certified Cloud Security Administrator (NCCSA) Questions and Answers

To set up a real-time threat protection policy for patient zero to block previously unseen files until a benign verdict is produced by the Netskope Threat Protection Service, you need to configure the following parameters:

Block Action: This action ensures that any previously unseen file is blocked until it has been analyzed and a verdict has been reached. By blocking the file, the policy prevents potential threats from entering the network until they are deemed safe.

Remediation Profile: This profile defines the actions to be taken when a threat is detected. It includes configuring the alerts and responses (such as notifying administrators) when a file is blocked. This ensures that there is a process in place for handling detected threats and that appropriate measures are taken.

References:

Netskope Threat Protection documentation detailing the setup of real-time threat protection policies.

Configuration guides for policy actions and remediation profiles in the Netskope platform.

=================

A tombstone file is a placeholder file that replaces the original file when it is moved to quarantine by a Netskope policy. The tombstone file contains information about the original file, such as its name, size, type, owner, and the reason why it was quarantined. The tombstone file also provides a link to the Netskope UI where the administrator or the file owner can view more details about the incident and take appropriate actions, such as restoring or deleting the file. The purpose of using a tombstone file is to preserve the metadata and location of the original file, as well as to notify the users about the quarantine action and how to access the file if needed. References: Threat Protection - Netskope Knowledge PortalNetskope threat protection - Netskope

An App Instance is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an App Instance for your enterprise Google Drive instance (such as drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the App Instance. You would want to define an App Instance to achieve this level of granularity and control over your cloud application activities. Creating an API Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to the App Instance feature. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.

To discover GDPR data publicly exposed in Microsoft 365, Salesforce, and Slack-sanctioned cloud applications, you need to use a deployment model that allows Netskope to access and scan the data stored in these applications using out-of-band API connections. The deployment model that would match this requirement is API-enabled protection, which is a feature in the Netskope platform that allows you to connect your sanctioned cloud applications to Netskope using API connectors. This enables you to discover sensitive data, enforce near real-time policy controls, and quarantine malware in your cloud applications without affecting user experience or performance. You can use Netskope’s data loss prevention (DLP) engine to scan for GDPR data in your cloud applications and identify any public exposure or sharing settings that may violate the regulation. A reverse proxy, an on-premises appliance, or an inline protection are not deployment models that would help you discover GDPR data publicly exposed in your sanctioned cloud applications, as they are more suitable for inline modes that rely on intercepting traffic to and from these applications in real time, rather than accessing data stored in these applications using APIs. References: [Netskope SaaS API-enabled Protection], [Netskope Data Loss Prevention].

Netskope’s Private Access Solution is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. It provides protection for private applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It also provides access to private applications by creating a secure tunnel between the user’s device and the application’s server, regardless of their location or network. It does not act as a cloud-based firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of points of presence (POPs). References: [Netskope Private Access].

API-enabled Protection traffic is sent to the Netskope Data Plane. The Netskope Data Plane is responsible for processing and inspecting data in real-time, applying security policies, and ensuring that the traffic conforms to organizational policies.

Netskope Data Plane: This component handles the inline inspection and enforcement of security policies, including API-enabled protection. It ensures that all traffic is securely processed and monitored according to the defined policies.

References:

Netskope architecture documentation describing the roles of different components.

Detailed guides on how API-enabled protection integrates with the Netskope Data Plane for real-time traffic inspection.

=================

Two primary advantages of Netskope’s Secure Access Service Edge (SASE) architecture are: no on-premises hardware required for policy enforcement and single management console. Netskope’s SASE architecture delivers network and security services as cloud-based services that can be accessed from any location and device. This eliminates the need for on-premises hardware appliances such as firewalls, proxies, VPNs, etc., that are costly to maintain and scale. Netskope’s SASE architecture also provides a single management console that allows administrators to configure and monitor all the network and security services from one place. This simplifies IT operations and reduces complexity and overhead. References: Netskope SASEWhat is SASE?

The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.

When using the Netskope Compromised Credentials feature, administrators can gain valuable insights into security incidents related to compromised credentials. The insights provided by this feature include:

Compromised usernames: This information helps identify which user accounts have been compromised, allowing administrators to take necessary actions such as resetting passwords and notifying affected users.

Breach information source: Netskope provides details on the source of the breach, such as which third-party service or data breach resulted in the compromise of credentials. This helps in understanding the context of the breach and implementing measures to prevent future incidents.

While compromised passwords (option C) are indirectly involved, they are not explicitly listed as an insight provided by this feature. Similarly, affected managed applications (option D) are related but not directly part of the primary insights.

References:

Netskope documentation on Compromised Credentials feature and incident response.

Security best practices for managing and mitigating compromised credential incidents.

=================

Administrators can subscribe to service notifications, including incidents and planned maintenance, through the following Netskope sites:

https://notify.netskope.com: This site provides notifications about incidents and maintenance updates. Administrators can subscribe to receive email alerts whenever there are updates involving specific services or planned maintenance.

https://trust.netskope.com: This site offers detailed information about Netskope's operational status, including any incidents, planned maintenance, and security updates. Administrators can subscribe to receive notifications and stay informed about the service status.

References:

Netskope documentation and support articles on subscribing to service notifications and updates.

Netskope's service notification and operational status sites providing subscription options for alerts and updates.

To obtain and export a list of all hosts including domains and IP addresses that a user accessed through Netskope Private Access for the past seven days, you can follow these steps:

Access the Netskope Web UI: Log in to your Netskope admin console.

Navigate to SkopeIT:

Go to the SkopeIT section in the Netskope admin console.

Private Apps page in SkopeIT:

In the SkopeIT section, navigate to the "Private Apps" page.

Here, you can find detailed information about the private applications accessed by users, including the domains and IP addresses.

Use the filter options to specify the user and the time range (past seven days).

Export the data as needed for your investigation.

Network Events page in SkopeIT:

In the SkopeIT section, navigate to the "Network Events" page.

This page provides a comprehensive list of network events, including details about the hosts accessed through Netskope Private Access.

Again, use the filter options to specify the user and the time range.

Export the data for reporting purposes.

These two locations within the SkopeIT section of the Netskope Web UI will provide you with the necessary data to meet your security team's requirements.

References:

Netskope Knowledge Portal: Using SkopeIT for Network and Private Apps Analysis​​​​​​​​.

To create a policy to quarantine files based on sensitive content in Netskope, you need to include the DLP Profile variable. Here's a detailed explanation of the steps involved:

Access Netskope Admin Console: First, log in to your Netskope admin console.

Navigate to Policies: Go to the Policies section where you can create and manage different types of policies.

Create a New Policy: Click on the option to create a new policy. Select the type of policy you want to create. In this case, it will be a Data Loss Prevention (DLP) policy.

Define Policy Criteria: Define the criteria for your policy. This includes specifying the conditions under which files should be quarantined. You will need to include sensitive content detection as part of the criteria.

Include DLP Profile: The most crucial step is to include a DLP Profile in your policy. The DLP Profile will define the sensitive content that the policy will monitor for. Netskope provides various predefined DLP profiles that you can use, or you can create custom DLP profiles based on your organization's needs.

Set Action to Quarantine: Specify the action to be taken when the policy criteria are met. In this case, you want to quarantine the files. Select the "Quarantine" action from the available options.

Save and Apply Policy: Once you have configured the policy with the DLP profile and action, save the policy and apply it to the relevant users, groups, or organizational units.

References:

Netskope Knowledge Portal: Using DLP Profiles and Policies​​​​​​.

 Create the Report in Advanced Analytics:

Data Collection:

Use the "Page Events" data collection, which captures detailed user activities on web pages, including edits and uploads.

Filters:

Apply filters to include only the activities "Edit" and "Upload".

Add another filter for the Cloud Confidence Level (CCL) to include only those with "Low" or "Poor" ratings.

This ensures the report focuses on the specified user activities within cloud applications that have lower security ratings.

Steps:

Navigate to Advanced Analytics > Reports.

Create a new report and select "Page Events" as the data collection source.

Apply the necessary filters for activities and CCL values.

 Schedule the Report:

Monthly Recurrence:

Set the report to run on a monthly schedule to ensure regular updates.

Configure the report to be sent via email with a PDF attachment.

Steps:

In the report scheduling options, set the recurrence to monthly.

Specify the email recipients, ensuring the CISO receives the report.

Select PDF as the report format.

 References:

For more details on creating and scheduling reports, refer to the Netskope documentation on Advanced Analytics and report generation​​​​.

Netskope’s security platform covers two controls: ZTNA and CASB. ZTNA stands for Zero Trust Network Access, which is a solution that provides secure and granular access to private applications without exposing them to the internet or requiring VPNs. CASB stands for Cloud Access Security Broker, which is a solution that provides visibility and control over cloud services and web traffic, as well as data and threat protection for cloud users and devices. References: Netskope PlatformNetskope ZTNANetskope CASB

To locate information pertaining to a DLP violation on a file in your sanctioned Google Drive instance, you can use the Incidents dashboard in Netskope. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such as DLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. The Incidents dashboard can show DLP violations for files that are in a deleted state, as long as they are still recoverable from the trash bin of the app. If the file is permanently deleted from the app, then the incident will not be visible in the dashboard. References: Netskope Incidents Dashboard

Secure Access Service Edge (SASE) is a cloud-based architecture that combines various cloud security and infrastructure enablement technologies into a unified platform that delivers security and networking services from the edge of the network. Two of these technologies are Zero Trust Network Access (ZTNA) and Cloud Access Security Broker (CASB). ZTNA is a technology that provides secure access to private applications without exposing them to the internet or using VPNs. It uses identity-based policies and encryption to grant granular access to authorized users and devices, regardless of their location or network. CASB is a technology that provides visibility and control over cloud applications (SaaS) used by users and devices. It uses API connections or inline proxies to inspect and enforce policies on data and activities in cloud applications, such as data loss prevention, threat protection, or compliance. Distributed Denial of Service Protection (DDoS) and Unified Threat Management (UTM) are not technologies that SASE combines into its unified platform, although they may be related or integrated with some of its components. References: [SASE], [ZTNA], [CASB].

To determine which data plane a user is traversing, an administrator can use the following methods:

Settings -> Security Cloud Platform -> Client Configuration: This section provides details about the client configurations and the data planes assigned to different users or groups. By reviewing the client configuration, administrators can determine the data plane a user is connected to.

SkopeIT -> Alerts -> View Details: In the SkopeIT alerts, administrators can view detailed information about user activities, including the data plane through which the user traffic is being routed. This provides real-time insights into the user's path through the Netskope infrastructure.

References:

Netskope documentation on configuring and managing the Security Cloud Platform and client configurations.

Guides on using SkopeIT to monitor user activities and view detailed alert information.

If a customer wants to detect misconfigurations in their AWS cloud instances, the Netskope feature that I would recommend to them is Netskope Cloud Security Posture Management (CSPM). Netskope CSPM is a service that provides continuous assessment and remediation of public cloud deployments for risks, threats, and compliance issues. Netskope CSPM leverages the APIs available from AWS and other cloud service providers to scan the cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted data, etc. Netskope CSPM also provides security posture policies, profiles, and rules that can be customized to match the customer’s security standards and best practices. Netskope CSPM can also alert, report, or remediate the misconfigurations automatically or manually. References: Netskope CSPMCloud Security Posture Management

To restrict cloud users from uploading data to risky cloud storage services as defined by the Cloud Confidence Index (CCI) in the Netskope platform, you would use the following policy elements:

Category: This policy element allows you to define and restrict actions based on the category of the cloud application. For example, you can categorize cloud storage services and create policies that restrict uploads to any application that falls under this category.

Cloud Confidence Level: This policy element leverages the Cloud Confidence Index (CCI), which rates the risk level of cloud applications. By using the Cloud Confidence Level, you can create policies that restrict uploads to applications with a low confidence level, thereby preventing data uploads to risky cloud storage services.

References:

Using the Netskope Knowledge Portal documentation, specifically under policy configuration and enforcement, which details how to use categories and Cloud Confidence Level in policy creation.

Postman collection and API documentation that describes the usage of these elements in the Netskope API.

=================

When a user is unable to access a newly added private application despite having the correct Real-time Protection policy in place, the NPA (Netskope Private Access) Troubleshooter tool can be used to diagnose and resolve the issue.

Accessing NPA Troubleshooter:

Navigate to the Netskope Web UI.

Go to the Troubleshooting section and select NPA Troubleshooter.

Verifying User Policy:

Check the specific policy applied to the user to ensure that it allows access to the application.

Ensure that there are no conflicting policies that might be blocking access.

Checking Steering Configuration:

Verify that the steering configuration is correctly set up to route the user's traffic to the Netskope platform.

Ensure that the correct gateways are being used and that the traffic is not being bypassed.

Client Status:

Confirm that the Netskope client is installed and running on the user's device.

Check the client logs for any errors or issues that might be preventing access.

Additional Details:

Review any other relevant details such as the user's network configuration, device status, and any recent changes that might have impacted connectivity.

By systematically using the NPA Troubleshooter tool to verify these aspects, you can identify and resolve the underlying issue preventing access to the private application.

References:

REST API v2 Overview - Netskope Knowledge Portal

Using the REST API v2 dataexport Iterator Endpoints - Netskope Knowledge Portal

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal

netskopesdk · PyPI

Netskope Rest APIv2(OAS 3.1) - Postman Collection

The three components that make up the Borderless SD-WAN solution are:

Endpoint SD-WAN Client: This client is installed on endpoints (such as laptops and mobile devices) to ensure secure and optimized connectivity to the corporate network, even when users are remote. The Endpoint SD-WAN Client is a critical part of extending SD-WAN capabilities to individual users and devices, providing seamless connectivity and security.

SASE Orchestrator: The Secure Access Service Edge (SASE) Orchestrator is responsible for managing and orchestrating the various components of the SD-WAN solution. It ensures that policies are enforced consistently across the network, manages the deployment of network functions, and provides centralized control and visibility.

SASE Gateway: The SASE Gateway provides secure, optimized access to cloud applications and services. It combines SD-WAN capabilities with advanced security functions, such as firewalling, intrusion prevention, and secure web gateways, to protect data and users as they access resources from different locations.

These components work together to provide a comprehensive SD-WAN solution that addresses the needs of modern, distributed workforces by combining networking and security functions in a unified architecture.

References:

Netskope REST API v2 Overview​​.

Using the REST API v2 dataexport Iterator Endpoints​​.

Using the REST API v2 UCI Impact Endpoints​​.

Netskope SDK on PyPI​​.

Postman Collection for Netskope REST API​​.

When accessing an encrypted website (HTTPS), a "certificate not trusted" message in the browser usually occurs because the certificate presented by the website is not issued by a trusted Certificate Authority (CA). A common scenario for this is when a self-signed certificate is installed on the server. Self-signed certificates are not signed by a CA that is recognized by the browser, so the browser cannot verify the authenticity of the certificate, leading to the "certificate not trusted" message.

References:

"If the SSL certificate is self-signed, the browser will not trust the certificate because it has not been issued by a trusted CA."​​​​.

The Cloud Confidence Index (CCI) page in Netskope provides various metrics and information about an application. Among these, the two relevant pieces of information displayed are:

Top users by sessions: This metric provides insights into which users are most active within the application, giving a view of user engagement and activity levels.

GDPR readiness: This metric indicates how well the application complies with GDPR regulations, providing a readiness score or status based on the app's handling of personal data.

These metrics help administrators and security professionals to evaluate the usage and compliance status of cloud applications.

References:

Using the REST API v2 UCI Impact Endpoints​​.

Netskope Knowledge Portal: Dataexport Iterator Endpoints​​.

Netskope’s NewEdge Security Cloud Network Infrastructure is designed to provide high performance, security, and scalability for cloud traffic. The following statements are correct about this infrastructure:

It includes direct peering with Microsoft and Google in every data center:

Netskope has established direct peering relationships with major cloud service providers like Microsoft and Google. This direct peering ensures optimized and low-latency connections to these services, improving performance for end-users.

It is a private security cloud network that is over-provisioned, elastic, and built for scale:

The NewEdge network is a private security cloud network that is designed to be highly scalable and elastic. It is over-provisioned to handle large volumes of traffic and can scale up as needed to meet demand. This ensures high availability and performance for users accessing cloud services.

References:

Netskope NewEdge Overview

Netskope Knowledge Portal: NewEdge Network

SD-WAN technology is used in the following scenarios:

To optimize utilization and performance across multiple Internet connections:

SD-WAN allows organizations to aggregate multiple Internet connections and optimize traffic flow based on application requirements and network conditions. This improves overall network performance and ensures efficient use of available bandwidth.

To replace dedicated MPLS connections with multiple broadband WAN and mobile options:

SD-WAN provides the flexibility to use a mix of broadband, LTE, and other connectivity options to replace traditional MPLS circuits. This can significantly reduce costs and improve agility in network deployment and management.

References:

Netskope Knowledge Portal: SD-WAN Integration

Netskope Knowledge Portal: Benefits of SD-WAN

 NewEdge Traffic Management:

NewEdge is Netskope's high-performance global network designed to deliver fast and secure access to the internet and cloud applications.

NewEdge Traffic Management ensures efficient routing and traffic steering for optimal performance and security.

 Client Integration:

The Netskope Client uses NewEdge Traffic Management to steer traffic securely to the Netskope cloud.

It ensures that user traffic is routed through the best possible path for performance and security.

The Client component is responsible for redirecting user traffic to the NewEdge network, applying security policies, and ensuring secure access.

 References:

For detailed information on NewEdge Traffic Management and how the Netskope Client utilizes it, refer to the Netskope documentation on traffic management and client configuration​​​​.

To verify the status of the Publishers in the European data center, the following methods can be used:

Use the Status field on the Publishers page:

Navigate to the Publishers page in the Netskope UI.

Check the Status field to see if any Publishers are disconnected or experiencing issues.

Use the Netskope Private Access Troubleshooter:

Access the Netskope Private Access Troubleshooter tool.

This tool provides detailed diagnostic information and helps identify connectivity issues with Publishers.

These methods provide direct insights into the health and connectivity status of the Publishers, helping to quickly identify and resolve any issues affecting user access.

References:

Netskope Knowledge Portal: Private Access

Netskope Private Access Troubleshooter

The Application Events page in the SkopeIT Events & Alerts section is where you can find logs and events related to specific activities within cloud applications, such as "edit" or "login successful". This section provides a detailed audit trail of user activities and application usage, which is essential for monitoring, security, and compliance purposes.

This answer is validated by the event categorization provided in the Netskope documentation, where application-specific events are logged under the Application Events section for easier tracking and analysis.

=========================

References:

REST API v2 Overview - Netskope Knowledge Portal​​

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal​​

Postman Collection for Netskope API​

Legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway because they are designed for a perimeter-based security model, where the applications and the users are both within the corporate network. However, with the rise of cloud computing and remote work, this model is no longer valid. The applications where the data resides are no longer in one central location, but distributed across multiple cloud services and regions. The users accessing this data are not in one central place, but working from anywhere, on any device. Legacy solutions cannot provide adequate visibility and control over this dynamic and complex environment, resulting in security gaps and performance issues. Netskope Secure Web Gateway, on the other hand, leverages a cloud-native architecture that provides high-performance and scalable inspection of traffic from any location and device, as well as granular policies and advanced threat and data protection for web and cloud applications. References: Netskope Architecture OverviewNetskope Next Gen SWG

Steering Configuration page under Settings (A):The Steering Configuration page under Settings is used to configure and manage the steering policies, including IPsec and GRE tunnels. This section provides the necessary tools to configure the network traffic routing and ensures that the configurations are set according to the organization's requirements.

IPsec Site and GRE Site pages under Settings (D):These specific pages under the Settings section allow administrators to monitor and manage the status of IPsec and GRE tunnels. They provide detailed information about the tunnel configurations, status, and other metrics that are essential for maintaining the health and performance of the network connections.

These details are confirmed based on the features and configurations available within the Netskope Admin UI settings, as documented in the Netskope Knowledge Portal.

In the Skope IT interface, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications, there are two event tables that would be used to label a cloud application instance: Page Events and Application Events. Page Events are events that capture the URL and category of the web pages visited by users, as well as the time spent and the bytes transferred on each page. Application Events are events that capture the details of the actions performed by users on cloud applications, such as upload, download, share, edit, delete, etc. You can use these event tables to label a cloud application instance by applying filters based on the domain name or URL of the instance, such as drive.google.com/a/yourcompany.com or slack.com/yourteam. You can then assign a custom label to the filtered events and use it for reporting or policy enforcement. Network Events and Alerts are not event tables that would be used to label a cloud application instance, as they are more related to network traffic or policy violations, rather than cloud application activities. References: [Netskope Skope IT], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 8: Skope IT.

Identify the Blocked Policy: According to the exhibit, the website is blocked by the "Global Block Policy."

Create a Custom URL List: To create an exception for the domain, you need to first create a custom URL list that includes the domain in question.

Navigate to the URL List section in the Netskope UI.

Create a new URL list and add the domain that needs to be allowed.

Option B: Create a custom category with the custom URL list as an included URL list and add it to an allow policy above the Global Block policy.

Go to the Policy section in the Netskope UI.

Create a new policy, ensuring it is an "Allow" policy.

Add the custom category to this allow policy.

Position this allow policy above the Global Block policy to ensure it takes precedence.

This ensures that the URLs in the custom list are allowed before the Global Block policy is evaluated.

Option C: Add the custom URL list as an excluded URL list to the category in the Global Block policy.

Edit the existing Global Block policy.

Add the custom URL list to the excluded URL list section of this policy.

This will exclude the URLs in the custom list from being blocked by the Global Block policy.

References:

Refer to the Netskope Knowledge Portal for managing custom URL lists and policy configurations​​​​​​.

To deploy Netskope’s zero trust network access (ZTNA) solution, NPA, you need to enable Steer all Private Apps in your existing steering configuration(s) from the admin console. This will allow you to create private app profiles and assign them to your applications. NPA will then provide secure and granular access to your applications without exposing them to the internet or requiring VPNs. References: [Netskope Private Access (NPA) Deployment Guide]

 If you are deploying TLS support for real-time Web and SaaS transactions, then you need to use secure implementation methods that ensure the highest level of encryption and security for your traffic. Two secure implementation methods in this scenario are: support TLS 1.2 only when 1.3 is not supported by the server and require TLS 1.3 for every server that accepts it. TLS stands for Transport Layer Security, which is a protocol that provides secure communication over the internet by encrypting and authenticating data exchanged between two parties. TLS 1.3 is the latest version of TLS, which offers several improvements over TLS 1.2, such as faster handshake, stronger encryption algorithms, better forward secrecy, and reduced attack surface. Therefore, it is recommended to use TLS 1.3 whenever possible for real-time Web and SaaS transactions, as it provides better security and performance than TLS 1.2. However, some servers may not support TLS 1.3 yet, so in those cases, it is acceptable to use TLS 1.2 as a fallback option, as it is still considered secure and widely adopted. Bypassing TLS 1.3 because it is not widely adopted or downgrading to TLS 1.2 whenever possible are not secure implementation methods in this scenario, as they would compromise the security and performance of your traffic by using an older or weaker version of TLS than necessary. References: [TLS], [TLS 1.3].

In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility. References: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 4: Decryption Policy.