Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Review the exhibit.

You want to create a custom URL category to apply a secure Web gateway policy combining your own list of URLs and Netskope predefined categories.

In this scenario, which task must be completed?

A.

Add the URL list to the Client configuration.

B.

Add the URL list to a Custom category.

C.

Add the URL list to a Steering configuration.

D.

Add the URL list to a Real-time Protection policy.

Full Access
Question # 5

Your customer is migrating all of their applications over to Microsoft 365 and Azure. They have good practices and policies in place (or their inline traffic, but they want to continuously detect reconfigurations and enforce compliance standards.

Which two solutions would satisfy their requirements? (Choose two.)

A.

Netskope SaaS Security Posture Management

B.

Netskope Cloud Confidence Index

C.

Netskope Risk Insights

D.

Netskope Continuous Security Assessment

Full Access
Question # 6

Review the exhibit.

A security analyst needs to create a report to view the top five categories of unsanctioned applications accessed in the last 90 days. Referring to the exhibit, what are two data collections in Advanced Analytics that would be used to create this report? (Choose two.)

A.

Alerts

B.

Application Events

C.

Page Events

D.

Network Events

Full Access
Question # 7

Review the exhibit.

Your Real-time Protection policy contains some rules with only a browse activity. The exhibit shows a new policy rule.

Where is the correct location to place this rule?

A.

at the bottom

B.

before browse activity

C.

after browse activity

D.

at the top

Full Access
Question # 8

You are configuring GRE tunnels from a Palo Alto Networks firewall to a Netskope tenant with the Netskope for Web license enabled. Your tunnel is up as seen from the Netskope dashboard. You are unable to ping hosts behind the Netskope gateway.

Which two statements are true about this scenario? (Choose two.)

A.

You need to call support to enable the GRE POP selection feature.

B.

Netskope only supports Web traffic through the tunnel.

C.

You can only ping the probe IP provided by Netskope.

D.

There is no client installed on the source hosts in your network.

Full Access
Question # 9

Review the exhibit.

You are asked to restrict users from accessing YouTube content tagged as Sport. You created the required real-time policy; however, users can still access the content

Referring to the exhibit, what is the problem?

A.

The website is in a steering policy exception.

B.

The policy changes have not been applied.

C.

The YouTube content cannot be controlled.

D.

The traffic matched a Do Not Decrypt policy

Full Access
Question # 10

Review the exhibit.

Referring to the exhibit, which three statements are correct? (Choose three.)

A.

The request was processed successfully.

B.

A request was submitted to extract application event details.

C.

An invalid token was used.

D.

The request was limited to the first 5000 records.

E.

The request was confined to only the "Professional Networking and Social" category.

Full Access
Question # 11

Netskope support advised you to enable DTLS for belter performance. You added firewall rules to allow UDP port 443 traffic. These settings are part of which configuration element when enabled in the Netskope tenant?

A.

Real-time Protection policies

B.

SSL decryption policies

C.

steering configuration

D.

client configuration

Full Access
Question # 12

The risk team at your company has determined that traffic from the sales team to a custom Web application should not be inspected by Netskope. All other traffic to the Web application should continue to be inspected. In this scenario, how would you accomplish this task?

A.

Create a Do Not Decrypt Policy using User Group and Domain in the policy page.

B.

Create a Do Not Decrypt Policy using Application in the policy page and a Steering Exception for Group

C.

Create a Do Not Decrypt Policy using Destination IP and Application in the policy page.

D.

Create a Do Not Decrypt Policy using Source IP and Application in the policy page.

Full Access
Question # 13

Which object would be selected when creating a Malware Detection profile?

A.

DLP profile

B.

File profile

C.

Domain profile

D.

User profile

Full Access
Question # 14

Your customer has some managed Windows-based endpoints where they cannot add any clients or agents. For their users to have secure access to their SaaS application, you suggest that the customer use Netskope's Explicit Proxy.

Which two configurations are supported for this use case? (Choose two.)

A.

Endpoints can be configured to directly use the Netskope proxy.

B.

Endpoints must have separate steering configurations in the tenant settings.

C.

Endpoints must be configured in the device section of the tenant to interoperate with all proxies.

D.

Endpoints can be configured to use a Proxy Auto Configuration (PAC) file.

Full Access
Question # 15

After deploying the Netskope client to a number of devices, users report that the Client status indicates "Admin Disabled". User and gateway information is displayed correctly in the client configuration dialog

Why are clients installing in an "Admin Disabled" state in this scenario?

A.

All devices were previously disabled by the administrator.

B.

The user's identity is not synchronized to Netskope.

C.

The user's password was incorrect during enrollment.

D.

The user's account has no mail ID attribute In Active Directory.

Full Access
Question # 16

Review the exhibit.

You are troubleshooting a Netskope client for user Clarke which remains in a disabled state after being installed. After looking at various logs, you notice something which might explain the problem. The exhibit is an excerpt from the nsADImporterLog.log.

Referring to the exhibit, what is the problem?

A.

The client was not Installed with administrative privileges.

B.

The Active Directory user is not synchronized to the Netskope tenant.

C.

This is normal; it might take up to an hour to be enabled.

D.

The client traffic is decrypted by a network security device.

Full Access
Question # 17

You are comparing the behavior of Netskope's Real-time Protection policies to API Data Protection policies. In this Instance, which statement is correct?

A.

All real-time policies are enforced, regardless of sequential order, while API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

B.

Both real-time and API policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

C.

All API policies are enforced, regardless of sequential order, while real-time policies are analyzed sequentially from top to bottom and stop once a policy Is matched.

D.

Both real-time and API policies are all enforced, regardless of sequential order.

Full Access
Question # 18

You want to provision users and groups to a Netskope tenant. You have Microsoft Active Directory servers hosted in two different forests. Which statement is true about this scenario?

A.

You can use the Netskope Adapter Tool for user provisioning.

B.

You can use the Netskope virtual appliance for user provisioning

C.

You cannot provision users until you migrate to Azure AD or Okta.

D.

You can use SCIM version 2 for user provisioning.

Full Access
Question # 19

Review the exhibit.

You are asked to create a DLP profile that will ensure that the data shown in the exhibit cannot be uploaded to a user's personal Google Drive.

What must be used to accomplish this task?

A.

document fingerprinting

B.

ML image classifier

C.

optical character recognition

D.

INTL-PAN-Name rule

Full Access
Question # 20

You have created a specific Skope IT application events query and want to have the query automatically run and display the results every time you log into your tenant.

Which two statements are correct in this scenario? (Choose two.)

A.

Add the Watchlist widget from the library to your home page.

B.

Export a custom Skope IT watchlist to a report and then schedule it to run daily.

C.

Save a custom Skope IT watchlist, then manage filters and share with others.

D.

Add your Skope IT query to a custom watchlist.

Full Access
Question # 21

Your company wants to deploy Netskope using a tunnel because you have a mixture of device operating systems. You also do not want to enable encryption because you want to maximize bandwidth.

A.

explicit proxy

B.

IPsec

C.

proxy chaining

D.

GRE

Full Access
Question # 22

You are an administrator writing Netskope Real-time Protection policies and must determine proper policy ordering.

Which two statements are true in this scenario? (Choose two.)

A.

You must place DLP policies at the bottom.

B.

You do not need to create an "allow all" Web Access policy at the bottom.

C.

You must place Netskope private access malware policies in the middle.

D.

You must place high-risk block policies at the top.

Full Access
Question # 23

You want to provide malware protection for all cloud storage applications.

In this scenario, which action would accomplish this task?

A.

Create a real-time threat protection policy with a category of Cloud Storage.

B.

Apply a data protection profile.

C.

Apply a CTEP profile.

D.

Create an API threat protection policy with a category of Cloud Storage.

Full Access
Question # 24

Your small company of 10 people wants to deploy the Netskope client to all company users without requiring users to be imported using Active Directory, LDAP, or an IdP.

A.

Deploy the Netskope client using SCCM.

B.

Deploy the Netskope client using JAMF.

C.

Deploy the Netskope client using Microsoft GPO.

D.

Deploy the Netskope client using an email invitation.

Full Access
Question # 25

Your customer is concerned about malware in their AWS S3 buckets. What two actions would help with this scenario? (Choose two.)

A.

Create a real-time policy to block malware uploads to their AWS instances.

B.

Enable Threat Protection (Malware Scan) for all of their AWS instances to Identify malware.

C.

Create an API protection policy to quarantine malware in their AWS S3 buckets.

D.

Create a threat profile to quarantine malware in their AWS S3 buckets.

Full Access
Question # 26

Your customer currently only allows users to access the corporate instance of OneDrive using SSO with the Netskope client. The users are not permitted to take their laptops when vacationing, but sometimes they must have access to documents on OneDrive when there is an urgent request. The customer wants to allow employees to remotely access OneDrive from unmanaged devices while enforcing DLP controls to prohibit downloading sensitive files to unmanaged devices.

Which steering method would satisfy the requirements for this scenario?

A.

Use a reverse proxy integrated with their SSO.

B.

Use proxy chaining with their cloud service providers integrated with their SSO.

C.

Use a forward proxy integrated with their SSO.

D.

Use a secure forwarder integrated with an on-premises proxy.

Full Access
Question # 27

You use Netskope to provide a default Malware Scan profile for use with your malware policies. Also, you want to create a custom malware detection profile.

In this scenario, what are two additional requirements to complete this task? (Choose two.)

A.

Add a custom hash list as an allowlist.

B.

Add a quarantine profile.

C.

Add a remediation profile.

D.

Add a custom hash list as a blocklist.

Full Access