Question No. 1

An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.

Which feature would you use to satisfy this requirement?

Aexact data match (EDM)

Bdocument fingerprinting

CML image classifier

Doptical character recognition (OCR)

Show Answer

Correct Answer: C

To block any screenshots from being uploaded, the engineering firm should use the ML image classifier feature of Netskope DLP. This feature uses machine learning to detect sensitive information within images, such as screenshots, whiteboards, passports, driver's licenses, etc. The firm can create a DLP policy that blocks any image upload that matches the screenshot classifier. This will prevent employees from circumventing the DLP controls by taking screenshots of sensitive documents.Reference:Improved DLP Image Classifiers,Netskope Data Loss Prevention,The Importance of a Machine Learning-Based Source Code Classifier

Question No. 2

Your customer is migrating all of their applications over to Microsoft 365 and Azure. They have good practices and policies in place (or their inline traffic, but they want to continuously detect reconfigurations and enforce compliance standards.

Which two solutions would satisfy their requirements? (Choose two.)

ANetskope SaaS Security Posture Management

BNetskope Cloud Confidence Index

CNetskope Risk Insights

DNetskope Continuous Security Assessment

Show Answer

Correct Answer: A, D

To continuously detect and enforce compliance standards for their Microsoft 365 and Azure applications, the customer needs to use Netskope SaaS Security Posture Management (SSPM) and Netskope Continuous Security Assessment (CSA). Netskope SSPM allows the customer to monitor, assess, and act on security, permission, and access related issues in their SaaS environment, such as Microsoft 365. Netskope SSPM continuously checks security posture by comparing SaaS app settings with security policies and industry benchmarks (CIS, PCI-DSS, NIST, HIPAA, CSA, GDPR, AIPCA, ISO, and more).It also provides visibility and control over third-party apps that are connected to the managed apps1. Netskope CSA allows the customer to discover, audit, and remediate misconfigurations in their IaaS environment, such as Azure. Netskope CSA continuously monitors and audits cloud configurations against industry standards, CIS benchmarks, and regulatory frameworks.It also provides real-time inline protection to secure public clouds from threats and data loss2. Therefore, options A and D are correct and the other options are incorrect.Reference:SaaS Security Posture Management - Netskope,Public Cloud Security Solutions - Netskope

Question No. 3

What is the purpose of the file hash list in Netskope?

AIt configures blocklist and allowlist entries referenced in the custom Malware Detection profiles.

BIt is used to allow and block URLs.

CIt provides the file types that Netskope can inspect.

DIt provides Client Threat Exploit Prevention (CTEP).

Show Answer

Correct Answer: A

The purpose of the file hash list in Netskope is to configure blocklist and allowlist entries referenced in the custom Malware Detection profiles. A file hash list is a collection of MD5 or SHA-256 hashes that represent files that you want to allow or block in your organization.You can create a file hash list when adding a file profile and use it as an allowlist or blocklist for files in your organization1.You can then select the file hash list when creating a Malware Detection profile2.

Question No. 4

Your company is using on-premises QRadar as a SIEM solution. They are replacing it with Rapid7 in the cloud. The legacy on-premises QRadar will eventually be decommissioned. Your IT department does not want to use the same token that QRadar uses.

ANetskope does not support multiple REST API tokens.

BYou must use Netskope REST API v1 to support multiple tokens to share events.

CYou must use Netskope REST API v2 to support multiple tokens to share events.

DYou must use an Advanced Threat Protection license to support multiple tokens to share events.

Show Answer

Correct Answer: C

Netskope REST API v2 supports multiple tokens, allowing different applications or integrations (like QRadar and Rapid7) to have distinct tokens. This avoids token conflicts and enhances security by isolating access permissions for different SIEM systems.

Question No. 5

You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.

Which two statements are true in this scenario? (Choose two.)

AYou must place DLP policies at the bottom.

BYou do not need to create an 'allow all' Web Access policy at the bottom.

CYou must place Netskope private access malware policies in the middle.

DYou must place high-risk block policies at the top.

Show Answer

Correct Answer: B, D

Placing high-risk block policies at the top ensures that critical blocks are enforced first, protecting against the most severe threats. Additionally, an 'allow all' Web Access policy at the bottom is not necessary, as policy defaults can handle remaining traffic not explicitly addressed by other rules.

Free Netskope NSK200 Exam Actual Questions

The questions for NSK200 were last updated On Jan 15, 2025