New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Netskope NSK101 Netskope Certified Cloud Security Administrator (NCCSA) Exam Practice Test

Demo: 38 questions
Total 129 questions

Netskope Certified Cloud Security Administrator (NCCSA) Questions and Answers

Question 1

What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)

Options:

A.

as an endpoint for Netskope Private Access (NPA)

B.

as a local reverse-proxy to secure a SaaS application

C.

as a log parser to discover in-use cloud applications

D.

as a Secure Forwarder to steer traffic

Question 2

You are required to provide an additional pop-up warning to users before allowing them to proceed to Web applications categorized as "low" or "poor" by Netskope's Cloud Confidence Index. Which action would allow you to accomplish this task?

Options:

A.

Enable RBI on the uncategorized domains

B.

Create a policy limiting usage of generative AI.

C.

Redirect the user to the company banner page for the Web usage policy.

D.

Enable real-time user coaching based on CCL.

Question 3

A Netskope administrator wants to create a policy to quarantine files based on sensitive content.

In this scenario, which variable must be included in the policy to achieve this goal?

Options:

A.

Organizational Unit

B.

Cloud Confidence Index level

C.

DLP Profile

D.

Threat Protection Profile

Question 4

Which Netskope component would an administrator use to see an overview of private application usage and performance?

Options:

A.

Digital Experience Management

B.

Publishers page

C.

Incident Management

D.

Cloud Exchange

Question 5

What are two reasons why legacy solutions, such as on-premises firewalls and proxies, fail to secure the data and data access compared to Netskope Secure Web Gateway? (Choose two.)

Options:

A.

Legacy solutions are unable to see the user who is trying to access the application.

B.

The applications where the data resides are no longer in one central location.

C.

Legacy solutions do not meet compliance standards.

D.

The users accessing this data are not in one central place.

Question 6

What are two uses for deploying a Netskope Virtual Appliance? (Choose two.)

Options:

A.

to use as a log parser to discover in-use cloud applications

B.

to use as a local reverse proxy to secure a SaaS application

C.

to use as an endpoint for Netskope Private Access (NPA)

D.

to use as a secure way to generate Exact Data Match hashes

Question 7

A customer is considering the cloud shared responsibility model.

In this scenario, which two criteria become the customer's responsibility? (Choose two.)

Options:

A.

controlling access

B.

third-party certification

C.

enforcing service level agreements

D.

preventing data leakage

Question 8

You want to determine which NewEdge data planes that your remote users have been recently using.

Which area of the Netskope Tenant UI would provide this information?

Options:

A.

Client Steering under Digital Experience Management

B.

Network Steering under Digital Experience Management

C.

Users page under Settings

D.

Devices page under Settings

Question 9

What are two primary advantages of Netskope's Secure Access Service Edge (SASE) architecture? (Choose two.

Options:

A.

no on-premises hardware required for policy enforcement

B.

Bayesian spam filtering

C.

Endpoint Detection and Response (EDR)

D.

single management console

Question 10

Which two capabilities are part of Netskope's Adaptive Zero Trust Data Protection? (Choose two.)

Options:

A.

contextual risk awareness

B.

continuous adaptive policies

C.

continuous enforcement of all policies

D.

contextual metadata storage

Question 11

You are setting up a real-time threat protection policy for patient zero to block previously unseen files until a benign verdict is produced by the Netskope Threat Protection Service. In this scenario, which two policy parameters must you configure? (Choose two)

Options:

A.

block action

B.

CCL destination criterion

C.

file type activity constraint

D.

remediation profile

Question 12

Your customer has cloud storage repositories containing sensitive files of their partners, including bank statements, consulting, and disclosure agreements. In this scenario, which feature would help them control the flow of these types of documents?

Options:

A.

ZTNA

B.

Netskope Advanced Analytics

C.

DLP document classifiers

D.

Sandboxing

Question 13

You are attempting to allow access to an application using NPA. Private Apps steering is already enabled for all users.

In this scenario, which two actions are required to accomplish this task? (Choose two.)

Options:

A.

Disable Cloud & Firewall Apps in Steering Config.

B.

Create a Real-time Protection "Allow" policy for the Private App.

C.

Create a Private App.

D.

Ensure that SSO is in place.

Question 14

Which two use cases would be considered examples of Shadow IT within an organization? (Choose two.)

Options:

A.

a sanctioned Salesforce account used by a contractor to upload non-sensitive data

B.

a sanctioned Wetransfer being used by a corporate user to share sensitive data

C.

an unsanctioned Microsoft 365 OneDrive account being used by a corporate user to upload sensitive data

D.

an unsanctioned Google Drive account used by a corporate user to upload non-sensitive data

Question 15

As an administrator, you are asked to monitor the status of your IPsec and GRE tunnels.

In the Netskope Admin UI, which two sections would you use in this scenario? (Choose two.)

Options:

A.

Steering Configuration page under Settings

B.

Bandwidth Consumption module of Digital Experience Management

C.

Network Steering page of Digital Experience Management

D.

IPsec Site and GRE Site paqes under Settinqs

Question 16

What are two use cases for Netskope's DLP solution? (Choose two.)

Options:

A.

to stop unintentional data movement

B.

to detect malware in files before they are uploaded to a cloud application

C.

to detect sensitive data in password protected files

D.

to ensure regulatory compliance

Question 17

What are two CASB inline interception use cases? (Choose two.)

Options:

A.

blocking file uploads to a personal Box account

B.

running a retroactive scan for data at rest in Google Drive

C.

using the Netskope steering client to provide user alerts when sensitive information is posted in Slack

D.

scanning Dropbox for credit card information

Question 18

What are two pillars of CASB? (Choose two.)

Options:

A.

visibility

B.

compliance

C.

cloud native

D.

SASE

Question 19

Which two traffic steering configurations are supported by Netskope? (Choose two.)

Options:

A.

browser isolation traffic only

B.

cloud applications only

C.

all Web traffic including cloud applications

D.

Web traffic only

Question 20

You are creating a real-time policy for cloud applications.

In addition to users, groups, and organizational units, which two source criteria would support this scenario? (Choose two.)

Options:

A.

protocol version

B.

access method

C.

browser version

D.

device classification

Question 21

An administrator has created a DLP rule to search for text within documents that match a specific pattern. After creating a Real-time Protection Policy to make use of this DLP rule, the administrator suspects the rule is generating false positives.

Within the Netskope tenant, which feature allows administrators to review the data that was matched by the DLP rule?

Options:

A.

Risk Insights

B.

Forensic

C.

Quarantine

D.

Leaal Hold

Question 22

Which three security controls are offered by the Netskope Cloud platform? (Choose three.)

Options:

A.

identity lifecycle management

B.

data loss prevention for SMTP

C.

cloud security posture management

D.

endpoint anti-malware

E.

threat protection

Question 23

Click the Exhibit button.

A user is uploading a file containing PCI-DSS data to the corporate Google Drive instance. You notice that the upload is not blocked by the policy shown in the exhibit. Which statement is correct in this scenario?

Options:

A.

The policy is not applied to the correct user group.

B.

The policy is not applied to the correct URL category.

C.

The policy is not applied in the correct order.

D.

The policy is not applied to the correct application activity.

Question 24

When designing an architecture with Netskope Private Access, which element guarantees connectivity between the Netskope cloud and the private application?

Options:

A.

Netskope Publisher

B.

API connector

C.

Third-party router with GRE/IPsec support

D.

Netskope Client

Question 25

Click the Exhibit button.

Referring to the exhibit, what are two recommended steps to be set on the perimeter device to monitor IPsec tunnels to a Netskope data plane? (Choose two.)

Options:

A.

Enable IKE Dead Peer Detection (DPD) for each tunnel.

B.

Send ICMP requests to the Netskope location's Probe IP

C.

Send HTTP requests to the Netskope location's Probe IP.

D.

Send ICMP requests to the Netskope location's proxy IPs.

Question 26

Which Netskope platform component uses NewEdge Traffic Management for traffic steering?

Options:

A.

Cloud Exchange

B.

Client

C.

Data Plane On-Premises

D.

Explicit Proxy Over Tunnel

Question 27

When would an administrator need to use a tombstone file?

Options:

A.

You use a tombstone file when a policy causes a file download to be blocked.

B.

You use a tombstone file when a policy causes a publicly shared file to be encrypted.

C.

You use a tombstone file when the policy causes a file to be moved to quarantine.

D.

You use a tombstone file when a policy causes a file to be moved to legal hold.

Question 28

You have an issue with the Netskope client connecting to the tenant.

In this scenario, what are two ways to collect the logs from the client machine? (Choose two.)

Options:

A.

from the Netskope client Ul About page

B.

from the command line using the nsdiag command

C.

from the Netskope client system tray icon

D.

from the Netskope client Ul Configuration page

Question 29

Click the Exhibit button.

You configured a set of Cloud Firewall policies as shown in the exhibit and changed your Steering Configuration to All Traffic for Group A and Group B. Users in Group A report that they are unable to access a third-party server using TCP port 3389. Referring to the exhibit, which action correctly describes how you would allow these connections without allowing unnecessary access?

Options:

A.

Add Group A to the Group B Allow policy.

B.

Create an Allow policy using a custom application including the destination IP and TCP port 3389.

C.

Move the Group B Allow policy above the Group A Allow policy.

D.

Change the default action to Allow.

Question 30

How does a cloud security solution achieve visibility into TLS/SSL-protected Web traffic?

Options:

A.

by altering the TLS handshake and forcing the website to use a weak encryption algorithm which can be brute-forced

B.

by altering the TLS handshake and forcing the website to use insecure (HTTP) access

C.

by performing the TLS handshake on behalf of the website and replacing the site's certificate with its own

D.

by using government-issued universal decryption keys for the ciphers

Question 31

Click the Exhibit button.

A user has the Netskope Client enabled with the correct steering configuration applied. The exhibit shows an inline policy that has a predefined webmail category blocked. However the user is still able to access Yahoo mail.

Which statement is correct in this scenario?

Options:

A.

The user is not part of the correct AD group or OU.

B.

The user is not steered using an explicit proxy.

C.

The webmail category does not include Yahoo mail when using an explicit proxy

D.

The user's AD group must be added to the policy.

Question 32

Which two functions are available for both inline and API protection? (Choose two.)

Options:

A.

multi-factor authentication

B.

threat protection

C.

DLP

D.

Cloud Security Posture Management (CSPM)

Question 33

As an administrator, you are investigating an increase in the number of incidents related to compromised credentials. You are using the Netskope Compromised Credentials feature on your tenant to assess the situation. Which insights would you find when using this feature? (Choose two)

Options:

A.

Compromised usernames

B.

Breach information source

C.

Compromised passwords

D.

Affected managed applications

Question 34

You are required to restrict cloud users from uploading data to any risky cloud storage service as defined by the Cloud Confidence Index. In the Netskope platform, which two policy elements would enable you to implement this control? (Choose two)

Options:

A.

Device Classification

B.

Category

C.

Cloud App

D.

Cloud Confidence Level

Question 35

Your company has implemented Netskope's Cloud Firewall and requires that all FTP connections are blocked regardless of the ports being used.

Which two statements correctly identify how to block FTP access? (Choose two.)

Options:

A.

Create a Real-time Protection policy with FTP as the destination application and Block as the action.

B.

Create a Real-time Protection policy with a custom Firewall App Definition for TCP port 21 as the destination application and Block as the action.

C.

Ensure there are no Real-time Protection polices that allow FTP and change the default non-Web action to Block.

D.

Create a custom Firewall App Definition for TCP port 21 and add it to the default tenant Steering Configuration as an exception.

Question 36

Exhibit

Which portion of the interface shown in the exhibit allows an administrator to set severity, assign ownership, track progress, and perform forensic analysis with excerpts of violating content?

Options:

A.

Skope IT-> Alerts

B.

Incidents -> DLP

C.

API-enabled Protection -> Inventory

D.

Reports -> New Report

Question 37

A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?

Options:

A.

The customer has discovered a new SaaS application that is not yet rated in the CCI database.

B.

The customer's organization places a higher business risk weight on vendors that claim ownership of their data.

C.

The customer wants to punish an application vendor for providing poor customer service.

D.

The customer's organization uses a SaaS application that is currently listed as "under research".

Question 38

When comparing data in motion with data at rest, which statement is correct?

Options:

A.

Data at rest requires API integration.

B.

Data in motion requires API integration.

C.

Data at rest cannot be scanned for malware until a user opens the file.

D.

Data in motion requires the Netskope client.

Demo: 38 questions
Total 129 questions