New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

NSK101 Netskope Certified Cloud Security Administrator (NCCSA) Questions and Answers

Questions 4

You are setting up a real-time threat protection policy for patient zero to block previously unseen files until a benign verdict is produced by the Netskope Threat Protection Service. In this scenario, which two policy parameters must you configure? (Choose two)

Options:

A.

block action

B.

CCL destination criterion

C.

file type activity constraint

D.

remediation profile

Buy Now
Questions 5

When would an administrator need to use a tombstone file?

Options:

A.

You use a tombstone file when a policy causes a file download to be blocked.

B.

You use a tombstone file when a policy causes a publicly shared file to be encrypted.

C.

You use a tombstone file when the policy causes a file to be moved to quarantine.

D.

You use a tombstone file when a policy causes a file to be moved to legal hold.

Buy Now
Questions 6

Why would you want to define an App Instance?

Options:

A.

to create an API Data Protection Policy for a personal Box instance

B.

to differentiate between an enterprise Google Drive instance vs. a personal Google Drive instance

C.

to enable the instance_id attribute in the advanced search field when using query mode

D.

to differentiate between an enterprise Google Drive instance vs. an enterprise Box instance

Buy Now
Questions 7

Your department is asked to report on GDPR data publicly exposed in Microsoft 365, Salesforce. and Slack-sanctioned cloud applications. Which deployment model would you use to discover this data?

Options:

A.

reverse proxy

B.

on-premises appliance

C.

API-enabled protection

D.

inline protection

Buy Now
Questions 8

What are two characteristics of Netskope's Private Access Solution? (Choose two.)

Options:

A.

It provides protection for private applications.

B.

It provides access to private applications.

C.

It acts as a cloud-based firewall.

D.

It requires on-premises hardware.

Buy Now
Questions 9

API-enabled Protection traffic is sent to which Netskope component?

Options:

A.

Netskope Publisher

B.

Netskope Management Plane

C.

Netskope Data Plane

D.

Netskope Reverse Proxy

Buy Now
Questions 10

What are two primary advantages of Netskope's Secure Access Service Edge (SASE) architecture? (Choose two.

Options:

A.

no on-premises hardware required for policy enforcement

B.

Bayesian spam filtering

C.

Endpoint Detection and Response (EDR)

D.

single management console

Buy Now
Questions 11

A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?

Options:

A.

The customer has discovered a new SaaS application that is not yet rated in the CCI database.

B.

The customer's organization places a higher business risk weight on vendors that claim ownership of their data.

C.

The customer wants to punish an application vendor for providing poor customer service.

D.

The customer's organization uses a SaaS application that is currently listed as "under research".

Buy Now
Questions 12

As an administrator, you are investigating an increase in the number of incidents related to compromised credentials. You are using the Netskope Compromised Credentials feature on your tenant to assess the situation. Which insights would you find when using this feature? (Choose two)

Options:

A.

Compromised usernames

B.

Breach information source

C.

Compromised passwords

D.

Affected managed applications

Buy Now
Questions 13

A customer wants to receive e-mail alerts whenever Netskope publishes an incident involving a specific service, or if Netskope publishes information regarding planned maintenance. Which two Netskope sites allow an administrator to subscribe to service notifications? (Choose two.)

Options:

A.

https://notify.netskope.com

B.

https://communitynetskope.com/

C.

https://supportnetskope.com

D.

https://trust.netskope.com

Buy Now
Questions 14

Your organization has recently implemented Netskope Private Access. During an investigation, your security team has asked you to provide a list of all hosts including domains and IP addresses that a user accessed through Netskope Private Access for the past seven days.

Which two locations in the Netskope Web UI would allow you to obtain and export the requested data? (Choose two.)

Options:

A.

Private Apps page in SkopeIT

B.

Users page in SkopeIT

C.

Network Events page in SkopeIT

D.

Transaction Events collection in Advanced Analytics

Buy Now
Questions 15

A Netskope administrator wants to create a policy to quarantine files based on sensitive content.

In this scenario, which variable must be included in the policy to achieve this goal?

Options:

A.

Organizational Unit

B.

Cloud Confidence Index level

C.

DLP Profile

D.

Threat Protection Profile

Buy Now
Questions 16

All users are going through Netskope's Next Gen SWG. Your CISO requests a monthly report of all users who are accessing cloud applications with a "Low" or a "Poor" CCL, where the activity is either "Edit" or "Upload".

Using the Advanced Analytics interface, which two statements describe which actions must be performed in this scenario? (Choose two.)

Options:

A.

Create a report using the Data Collection "Page Events", filtering on the activities "Edit" and "Upload" for cloud apps with CCL values of "Low" or "Poor".

B.

Schedule a report with a monthly recurrence to be sent by e-mail with the attached PDF document at the end of each month.

C.

Create a report using the Data Collection "Application Events" filtering on the activities "Edit" and "Upload" for cloud apps with CCL values of "Low" or "Poor".

D.

Schedule a report with a monthly recurrence to be sent by SMS with the attached PDF document at the end of each month.

Buy Now
Questions 17

Which two controls are covered by Netskope's security platform? (Choose two.)

Options:

A.

ZTNA

B.

VPN

C.

CASB

D.

EDR

Buy Now
Questions 18

There is a DLP violation on a file in your sanctioned Google Drive instance. The file is in a deleted state. You need to locate information pertaining to this DLP violation using Netskope. In this scenario, which statement is correct?

Options:

A.

You can find DLP violations under Forensic profiles.

B.

DLP incidents for a file are not visible when the file is deleted.

C.

You can find DLP violations under the Incidents dashboard.

D.

You must create a forensic profile so that an incident is created.

Buy Now
Questions 19

Which two cloud security and infrastructure enablement technologies does Secure Access Service Edge (SASE) combine into its unified platform? (Choose two.)

Options:

A.

Distributed Denial of Service Protection (DDoS)

B.

Zero Trust Network Access (ZTNA)

C.

Cloud Access Security Broker (CASB)

D.

Unified Threat Management (UTM)

Buy Now
Questions 20

An administrator wants to determine to which data plane a user is traversing. In this scenario, what are two ways to accomplish this task? (Choose two.)

Options:

A.

Settings -> Security Cloud Platform -> Devices

B.

Settings -> Security Cloud Platform -> Client Configuration

C.

SkopeIT -> Alerts -> View Details

D.

System Tray -> Configuration

Buy Now
Questions 21

A customer wants to detect misconfigurations in their AWS cloud instances.

In this scenario, which Netskope feature would you recommend to the customer?

Options:

A.

Netskope Secure Web Gateway (SWG)

B.

Netskope Cloud Security Posture Management (CSPM)

C.

Netskope Advanced DLP and Threat Protection

D.

Netskope SaaS Security Posture Management (SSPM)

Buy Now
Questions 22

You are required to restrict cloud users from uploading data to any risky cloud storage service as defined by the Cloud Confidence Index. In the Netskope platform, which two policy elements would enable you to implement this control? (Choose two)

Options:

A.

Device Classification

B.

Category

C.

Cloud App

D.

Cloud Confidence Level

Buy Now
Questions 23

You added a new private app definition and created a Real-time Protection policy to allow access for all users. You have a user who reports that they are unable to access the application but all other applications work fine.

Which statement correctly describes how to troubleshoot this issue using the Netskope Web UI?

Options:

A.

You can verity the user's policy, steering configuration, client status and other relevant details using the Advanced Debugging tools in the Netskoge Client.

B.

You can verify the user's policy, steering configuration, client status and other relevant details using the Agg Discovery dashboard.

C.

You can verify the user's policy, steering configuration, client status and other relevant details using DEM.

D.

You can verify the user's policy, steering configuration, client status and other relevant details using the NPA Troubleshooter took

Buy Now
Questions 24

Which three components make up the Borderless SD-WAN solution? (Choose three)

Options:

A.

Endpoint SD-WAN Client

B.

SASE Orchestrator

C.

NPA Publisher

D.

SASE Gateway

E.

On-Premises Log Parser

Buy Now
Questions 25

When accessing an encrypted website (HTTPS), what is a reason why you might receive a "certificate not trusted" browser message?

Options:

A.

A certificate authority is installed on the server.

B.

A self-signed certificate is installed on the server.

C.

A public certificate is installed on the server.

D.

There is no certificate installed on the server.

Buy Now
Questions 26

What information is displayed in an application's Cloud Confidence Index (CCI) page? (Choose two.)

Options:

A.

top users by sessions

B.

policy violations

C.

GDPR readiness

D.

stock price

Buy Now
Questions 27

Which two statements are correct about Netskope’s NewEdge Security Cloud Network Infrastructure? (Choose two.)

Options:

A.

It utilizes virtual POPs for traffic onboarding ensuring low latency.

B.

It includes direct peering with Microsoft and Google in every data center.

C.

It is a private security cloud network that is over-provisioned, elastic, and built for scale.

D.

It utilizes multiple public cloud providers for inline services ensuring high availability and elasticity.

Buy Now
Questions 28

In which two scenarios would you use SD-WAN technology? (Choose two.)

Options:

A.

to differentiate between corporate and personal SaaS applications

B.

to optimize utilization and performance across multiple Internet connections

C.

to ensure a user's corporate laptop has all of the required security compliance software in place

D.

to replace dedicated MPLS connections with multiple broadband WAN and mobile options

Buy Now
Questions 29

Which Netskope platform component uses NewEdge Traffic Management for traffic steering?

Options:

A.

Cloud Exchange

B.

Client

C.

Data Plane On-Premises

D.

Explicit Proxy Over Tunnel

Buy Now
Questions 30

Your organization has implemented Netskope Private Access (NPA) for all users. Users from the European region are reporting that they are unable to access many of their applications. You suspect that the publishers for the European data center may be disconnected and you want to verify the Publishers' status.

Which two methods describe how you would accomplish this task? (Choose two.)

Options:

A.

Use the Status field on the Publishers page.

B.

Use the Network Events page in

C.

Use the Netskope Private Access Troubleshooter.

D.

Use the Private Apps page in

Buy Now
Questions 31

You need to locate events for specific activities such as "edit" or "login successful" in a cloud application.

In which SkopeIT Events & Alerts page would this information be found?

Options:

A.

Endpoint Events

B.

Page Events

C.

Application Events

D.

Websites

Buy Now
Questions 32

What are two reasons why legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway? (Choose two.)

Options:

A.

Legacy solutions are unable to see the user who is trying to access the application.

B.

The applications where the data resides are no longer in one central location.

C.

Legacy solutions do not meet compliance standards.

D.

The users accessing this data are not in one central place.

Buy Now
Questions 33

As an administrator, you are asked to monitor the status of your IPsec and GRE tunnels.

In the Netskope Admin UI, which two sections would you use in this scenario? (Choose two.)

Options:

A.

Steering Configuration page under Settings

B.

Bandwidth Consumption module of Digital Experience Management

C.

Network Steering page of Digital Experience Management

D.

IPsec Site and GRE Site paqes under Settinqs

Buy Now
Questions 34

In the Skope IT interface, which two event tables would be used to label a cloud application instance? (Choose two.)

Options:

A.

Network Events

B.

Page Events

C.

Application Events

D.

Alerts

Buy Now
Questions 35

Click the Exhibit button.

NSK101 Question 35

Referring to the exhibit, you have a user reporting that a blocked website is needed for legitimate business reasons. Upon review, you determine that the user has been blocked by the Global Block policy. You need to create an exception forthat domain. You create a custom URL list that includes the domain.

In this scenario, which two actions would allow this access? (Choose two.)

Options:

A.

Create a custom category with the custom URL list as an included URL list and add it to an allow policy below the triggered Global Block policy.

B.

Create a custom category with the custom URL list as an included URL list and add it to an allow policy above the triggered Global Block policy.

C.

Add the custom URL list as an excluded URL list to the category in the Global Allow policy.

D.

Add the custom URL list as an excluded URL list to the category in the Global Block policy.

Buy Now
Questions 36

You want to deploy Netskope's zero trust network access (ZTNA) solution, NPA. In this scenario, which action would you perform to accomplish this task?

Options:

A.

Create an OAuth identity access control between your users and your applications.

B.

Set up a reverse proxy using SAML and an identity provider.

C.

Enable Steer all Private Apps in your existing steering configuration(s) from the admin console.

D.

Configure SCIM to exchange identity information and attributes with your applications.

Buy Now
Questions 37

You are deploying TLS support for real-time Web and SaaS transactions. What are two secure implementation methods in this scenario? (Choose two.)

Options:

A.

Bypass TLS 1.3 because it is not widely adopted.

B.

Downgrade to TLS 1.2 whenever possible.

C.

Support TLS 1.2 only when 1.3 is not supported by the server.

D.

Require TLS 1.3 for every server that accepts it.

Buy Now
Questions 38

You just deployed the Netskope client in Web mode and several users mention that their messenger application is no longer working. Although you have a specific real-time policy that allows this application, upon further investigation you discover that it is using proprietary encryption. You need to permit access to all the users and maintain some visibility.

In this scenario, which configuration change would accomplish this task?

Options:

A.

Change the real-time policy to block the messenger application.

B.

Create a new custom cloud application using the custom connector that can be used in the real-time policy.

C.

Add a policy in the SSL decryption section to bypass the messenger domain(s).

D.

Edit the steering configuration and add a steering exception for the messenger application.

Buy Now
Exam Code: NSK101
Exam Name: Netskope Certified Cloud Security Administrator (NCCSA)
Last Update: Dec 22, 2024
Questions: 129

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now NSK101 testing engine

PDF (Q&A)

$36.75  $104.99
buy now NSK101 pdf