Free Netskope Certified Cloud Security Architect Exam NSK300 Exam Practice Test

Your client is an NG-SWG customer. They are going to use the Explicit Proxy over Tunnel (EPoT) steering method. They have a specific list of domains that they do not want to steer to the Netskope Cloud.What would accomplish this task''

• Define exception domains in the PAC file.
• Define exceptions in the Netskope steering configuration
• Create a real-time policy with a bypass action.
• Use an SSL decryption policy.

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate- pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.Which two methods would satisfy the requirements? (Choose two.)

• Bypass traffic using the bypass action in the Real-time Protection policy.
• Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.
• Configure domain exceptions in the steering configuration for the domains used by the native
• application.
• Tunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

A company has deployed Explicit Proxy over Tunnel (EPoT) for their VDI users They have configured Forward Proxy authentication using Okta Universal Directory They have also configured a number of Real-time Protection policies that block access to different Web categories for different AD groups so. for example, marketing users are blocked from accessing gambling sites. During User Acceptance Testing, they see inconsistent results where sometimes marketing users are able to access gambling sites and sometimes they are blocked as expected They are seeing this inconsistency based on who logs into the VDI server first.What is causing this behavior?

• Forward Proxy is not configured to use the Cookie Surrogate
• Forward Proxy is not configured to use the IP Surrogate
• Forward Proxy authentication is configured but not enabled.
• Forward Proxy is configured to use the Cookie Surrogate

Your company purchased Netskope's Next Gen Secure Web Gateway You are working with your network administrator to create GRE tunnels to send traffic to Netskope Your network administrator has set up the tunnel, keepalives. and a policy-based route on your corporate router to send all HTTP and HTTPS traffic to Netskope. You want to validate that the tunnel is configured correctly and that traffic is flowing.In this scenario, which two statements are correct? (Choose two.)

• You can use your local router or network device to verify that keepalives are being received and traffic is flowing to Netskope.
• You must use your own monitoring tools to verify that the tunnel is up.
• You can verify that the tunnel is up and receiving traffic in the Netskope Ul under Settings > Security Cloud Platform > GRE.
• You can verify that the tunnel is up in the Netskope Trust portal at https://trust netskope.com/.

Users in your network are attempting to reach a website that has a self-signed certificate using a GRE tunnel to Netskope. They are currently being blocked by Netskope with an SSL error. How would you allow this traffic?

• Configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.
• Configure a Real-time Protection policy with the action set to Allow.
• Set the No SNI setting in Netskope to Bypass.
• Ensure that the users add the self-signed certificate to their local certificate store.

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for the Reverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.What is causing this issue?

• There is a missing group name in the SAML response.
• The username in the name ID field is not in the format of the e-mail address.
• There is an invalid certificate in the SAML response.
• The username in the name ID field does not have the "marketing-users" group name.

What are three valid Instance Types for supported SaaS applications when using Netskope's API- enabled Protection? (Choose three.)

• Forensic
• API Data Protection
• Behavior Analytics
• DLP Scan
• Quarantine

You deployed the Netskope Client for Web steering in a large enterprise with dynamic steering. The steering configuration includes a bypass rule for an application that is IP restricted. What is the source IP for traffic to this application when the user is on-premises at the enterprise?

• Loopback IPv4
• Netskope data plane gateway IPv4
• Enterprise Egress IPv4
• DHCP assigned RFC1918 IPv4

A company wants to capture and maintain sensitive Pll data in a relational database to help their customers. There are many employees and contractors that need access to sensitive customer data to perform their duties The company wants to prevent the exfiltration of sensitive customer data by their employees and contractors.In this scenario. what would satisfy this requirement?

• fingerprinting
• exact data match
• regular expression
• machine learning

You are attempting to merge two Advanced Analytics reports with DLP incidents: Report A with 3000 rows and Report B with 6000 rows. Once merged, you notice that the merged report is missing a significant number of rows.What is causing this behavior?

• Netskope automatically deduplicates data in merged reports.
• Missing data is due to viewing limits.
• Filters are applied differently to dimensions and measures
• Visualizations have a system limit of 5000 rows.