Question No. 1

Review the exhibit.

While diagnosing an NPA connectivity issue, you notice an error message in the Netskope client logs.

Referring to the exhibit, what does this error represent?

AThe Netskope client has been load-balanced to a different data center.

BThe primary publisher is unavailable or cannot be reached.

CThere Is an EDNS or LDNS resolution error.

DThere Is an upstream device trying to intercept the NPA TLS connection.

Show Answer

Correct Answer: D

The error message in the exhibit represents that there is an upstream device trying to intercept the NPA TLS connection. The error message is ''ERROR SSL certificate verification failed: self signed certificate in certificate chain''. This means that the Netskope client is receiving a certificate that is not issued by Netskope, but by a device that is intercepting and decrypting the traffic between the client and the Netskope cloud.This can cause the client to fail to establish a secure connection to the NPA service and access the private applications4.To solve this problem, you need to either bypass or trust the upstream device that is performing SSL decryption, such as a firewall or proxy5. Therefore, option D is correct and the other options are incorrect.Reference:Troubleshooting Netskope Client - Netskope Knowledge Portal,Netskope Client Troubleshooting Guide - The Netskope Community

Question No. 2

Review the exhibit.

You are asked to create a new Real-time Protection policy to scan SMTP emails using data loss prevention (DLP) for personal health information (PHI). The scope is limited to only emails being sent from Microsoft Exchange Online to outside recipients.

AWeb Access policy

BEmail Outbound policy

CCTEP policy

DDLP policy

Show Answer

Correct Answer: B

An 'Email Outbound' policy is specifically designed to apply data loss prevention controls on outbound emails, such as SMTP traffic from Exchange Online. This policy type enables granular control over outbound email content, ensuring compliance with DLP policies for PHI data.

Question No. 3

Your IT organization is migrating its user directory services from Microsoft Active Directory to a cloud-based Identity Provider (IdP) solution, Azure AD. You are asked to adapt the Netskope user provisioning process to work with this new cloud-based IdP.

ADirectory Importer

BMicrosoft GPO

CSCIMApp

DManual Import

Show Answer

Correct Answer: C

The SCIMApp integration is the best choice for Azure AD as it allows for seamless user provisioning between cloud-based IdPs and Netskope. SCIM (System for Cross-domain Identity Management) is a standard for automating user provisioning and works effectively with cloud IdPs like Azure AD.

Question No. 4

Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?

AReal-time Protection policies

BSSL decryption policies

Csteering configuration

Dclient configuration

Show Answer

Correct Answer: D

DTLS (Datagram Transport Layer Security) is a protocol that provides secure communication over UDP. It is an option that can be enabled in the client configuration settings in the Netskope tenant. Enabling DTLS can improve the performance of the Netskope client, especially in high latency or packet loss scenarios.DTLS is not related to Real-time Protection policies, SSL decryption policies, or steering configuration, which are different configuration elements in the Netskope tenant.Reference: Client Configuration Settings3, Netskope Client Performance4

Question No. 5

You are creating an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2. In this scenario, which privilege(s) do you need to create in the API token?

AProvide read and write access for the '/events' endpoint.

BProvide read and write access for the '/urllist' endpoint.

CProvide only read access for the '/urllist' endpoint.

DProvide only write access for the '/urllist' endpoint.

Show Answer

Correct Answer: B

To create an API token to allow a DevSecOps engineer to create and update a URL list using REST API v2, you need to provide read and write access for the ''/urllist'' endpoint. The ''/urllist'' endpoint is the API endpoint that allows you to manage URL lists in your Netskope tenant.You can use this endpoint to perform operations such as create, update, delete, or list URL lists3.To create an API token with this privilege, you need to go to Settings > Tools > REST API v2 > New Token, enter a token name and expiration time, add the ''/urllist'' endpoint, and select Read+Write as the privilege4. This will allow the DevSecOps engineer to use the API token in their requests to create and update URL lists. Therefore, option B is correct and the other options are incorrect.Reference:REST API v2 Overview - Netskope Knowledge Portal,Manage URL Lists - Netskope Knowledge Portal

Free Netskope NSK200 Exam Actual Questions

The questions for NSK200 were last updated On Nov 19, 2024