Question No. 1

Your CISO asks that you to provide a report with a visual representation of the top 10 applications (by number of objects) and their risk score. As the administrator, you decide to use a Sankey visualization in Advanced Analytics to represent the data in an efficient manner.

In this scenario, which two field types are required to produce a Sankey Tile in your report? {Choose two.)

ADimension

BMeasure

CPivot Ranks

DPeriod of Type

Show Answer

Correct Answer: A, B

To produce a Sankey Tile in a report that visually represents the top 10 applications by number of objects and their risk score, you would need:

Dimension (A): This field type would be used to represent the nodes in the Sankey visualization, which could be the applications in this case1.

Measure (B): This field type would provide the weight of the links between the nodes, representing the number of objects or the risk score associated with each application1.

These two field types are essential for creating a Sankey visualization as they define the structure and flow of data between different stages or categories within the visualization.

Question No. 2

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate-pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.

Which two methods would satisfy the requirements? (Choose two.)

ABypass traffic using the bypass action in the Real-time Protection policy.

BConfigure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.

CConfigure domain exceptions in the steering configuration for the domains used by the native application.

DTunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

Show Answer

Correct Answer: B, C

To address the issue of a certificate-pinned application not being accessible due to certificate pinning, while still steering the traffic to Netskope, the two methods that would satisfy the requirements are:

B: Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application. This ensures that the SSL traffic for the specified domains is not decrypted, thus avoiding issues with certificate pinning.

C: Configure domain exceptions in the steering configuration for the domains used by the native application. By setting domain exceptions, traffic to these domains will bypass SSL decryption, allowing the certificate-pinned application to function as expected1.

These methods are in line with Netskope's capabilities for handling certificate-pinned applications, which often require bypassing decryption to prevent breaking the application's functionality due to its security features1.

Question No. 3

Your company just had a new Netskope tenant provisioned and you are asked to create a secure tenant configuration. In this scenario, which two default settings should you change? {Choose two.)

AChange Safe Search to Disabled

BChange Untrusted Root Certificate to Block.

CChange the No SNI setting to Block.

DChange 'Disallow concurrent logins by an Admin' to Enabled.

Show Answer

Correct Answer: B, D

For a new Netskope tenant provisioned, to create a secure tenant configuration, you should consider changing the following default settings:

B . Change Untrusted Root Certificate to Block: This setting will ensure that any traffic coming from an untrusted root certificate is blocked, which is a critical security measure to prevent man-in-the-middle attacks and other types of cyber threats1.

D . Change ''Disallow concurrent logins by an Admin'' to Enabled: This setting will prevent multiple concurrent logins by the same admin account, which is an important security control to mitigate the risk of unauthorized access. If an admin's credentials are compromised, this setting will help limit the potential damage by ensuring that only one session can be active at a time1.

These changes are part of the recommended security hardening guidelines for Netskope tenants to enhance the overall security posture of the tenant environment.

Question No. 4

You are troubleshooting an issue with users who are unable to reach a financial SaaS application when their traffic passes through Netskope. You determine that this is because of IP restrictions in place with the SaaS vendor. You are unable to add Netskope's IP ranges at this time, but need to allow the traffic.

How would you allow this traffic?

AUse NPAto implement Source IP anchonng so the traffic will egress from the corporate data center.

BUse Explicit Proxy Over Tunnel (EPoT) so the traffic will egress from the corporate data center.

CUse Cloud Explicit Proxy so the traffic will egress from the corporate data center

DUse an IPsec tunnel to forward traffic so it will egress from the corporate data center

Show Answer

Correct Answer: C

To allow traffic to a financial SaaS application that is being blocked due to IP restrictions, the best option is to use Cloud Explicit Proxy. This method allows traffic to egress from the corporate data center without requiring Netskope's IP ranges to be added to the SaaS vendor's allowlist. By configuring an allowlist in the Cloud Explicit Proxy settings, you can add any source egress IP addresses for your on-premises users, and Netskope will allow the traffic from the added user and IP address without authenticating1.

Question No. 5

Your customer is currently using Directory Importer with Active Directory (AD) to provision users to Nelskope. They have recently acquired three new companies (

AB. and C) and want to onboard users from the companies onto the NetsKope platform. Information about the companies is shown below.
- Company A uses Active Directory.
-- Company B uses Azure AD.
-- Company C uses Okta Universal Directory.
Which statement is correct in this scenario?

AUsers from Company B and Company C cannot be provisioned because the customer is already using AD Importer.

BEither Company B or Company C users cannot be provisioned because integration with only one SCIM solution is allowed.

CUsers from Companies A. B, and C can be provisioned to Netskope by deploying additional AD Importers and integrating more than one SCIM solution.

DCompany A users cannot be provisioned to Netskope because the customer is already using AD Importer to import users from another Active Directory environment.

Show Answer

Correct Answer: C

Users from Companies A, B, and C can indeed be provisioned to Netskope. Company A, which uses Active Directory, can continue to use the existing AD Importer. For Company B that uses Azure AD and Company C that uses Okta Universal Directory, integration with SCIM (System for Cross-domain Identity Management) solutions is possible. Netskope supports provisioning users from multiple directories, including Active Directory and cloud-based identity providers like Azure AD and Okta, by using additional AD Importers and integrating more than one SCIM solution12.

Free Netskope NSK300 Exam Actual Questions

The questions for NSK300 were last updated On Sep 16, 2024