Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

You are asked to ensure that a Web application your company uses is both reachable and decrypted by Netskope. This application is served using HTTPS on port 6443. Netskope is configured with a default Cloud Firewall configuration and the steering configuration is set for All Traffic.

Which statement is correct in this scenario?

A.

Create a Firewall App in Netskope along with the corresponding Real-time Protection policy to allow the traffic.

B.

Nothing is required since Netskope is steering all traffic.

C.

Enable " Steer non-standard ports " in the steering configuration and add the domain and port as a new non-standard port

D.

Enable " Steer non-standard ports " in the steering configuration and create a corresponding Real-time Protection policy to allow the traffic

Review the exhibit.

SelfSignedCert (self signed certificate in certificate chain) Blocked by SSL_SELF_SIGNED. The destination is not reachable. Contact your IT administrator with the following error.

You are the proxy administrator for a medical devices company. You recently changed a pilot group of users from cloud app steering to all Web traffic. Pilot group users have started to report that they receive the error shown in the exhibit when attempting to access the company intranet site that is publicly available. During troubleshooting, you realize that this site uses your company’s internal certificate authority for SSL certificates. Which three statements describe ways to solve this issue? (Choose three.)

A.

Create a Real-time Protection policy to allow access.

B.

Instruct the user to proceed past the error message.

C.

Bypass SSL inspection for the affected site(s).

D.

Change the SSL Error Settings from Block to Bypass in the Netskope UI.

E.

Import the root certificate for your internal certificate authority into Netskope.

You want to integrate with a third-party DLP engine that requires ICAP. In this scenario, which Netskope platform component must be configured?

A.

On-Premises Log Parser (OPLP)

B.

Secure Forwarder

C.

Netskope Cloud Exchange

D.

Netskope Adapter

You want to verify that Google Drive is being tunneled to Netskope by looking in the nsdebuglog file. You are using Chrome and the Netskope Client to steer traffic. In this scenario, what would you expect to see in the log file?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate-pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.

Which two methods would satisfy the requirements? (Choose two.)

A.

Bypass traffic using the bypass action in the Real-time Protection policy.

B.

Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.

C.

Configure domain exceptions in the steering configuration for the domains used by the native application.

D.

Tunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

You are asked to create a Real-time Protection policy to inspect outbound e-mail for DLP violations. You must prevent sensitive e-mail from leaving the corporate mail relay.

In this scenario, which Real-time Protection policy action must be specified?

A.

Alert

B.

Block

C.

Forward to Proxy

D.

Add SMTP Header

You deployed the Netskope Client for Web steering in a large enterprise with dynamic steering. The steering configuration includes a bypass rule for an application that is IP restricted. What is the source IP for traffic to this application when the user is on-premises at the enterprise?

A.

Loopback IPv4

B.

Netskope data plane gateway IPv4

C.

Enterprise Egress IPv4

D.

DHCP assigned RFC1918 IPv4

You built a number of DLP profiles for different sensitive data types. If a file contains any of this sensitive data, you want to take the most restrictive policy action but also create incident details for all matching profiles.

Which statement is correct in this scenario?

A.

Create a Real-time Protection policy for each DLP profile; each matched profile will generate a unique DLP incident.

B.

Create a Real-time Protection policy for each DLP profile; all matched profiles will show up in a single DLP incident

C.

Create a single Real-time Protection policy and include all of the DLP profiles; each matched profile will generate a unique DLP incident

D.

Create a single Real-time Protection policy and include all of the DLP profiles; all matched profiles will show up in a single DLP incident.

Review the exhibit.

AcmeCorp has recently begun using Microsoft 365. The organization is concerned that employees will start using third-party non-AcmeCorp OneDrive instances to store company data. The CISO asks you to use Netskope to create a policy that ensures that no data is being uploaded to non-AcmeCorp instances of OneDrive.

Referring to the exhibit, which two policies would accomplish this posture? (Choose two.)

A.

4

B.

3

C.

2

D.

1

Review the exhibit.

You created an SSL decryption policy to bypass the inspection of financial and accounting Web categories. However, you still see banking websites being inspected.

Referring to the exhibit, what are two possible causes of this behavior? (Choose two.)

A.

The policy is in a " disabled " state.

B.

An incorrect category has been selected

C.

The policy is in a " pending changes " state.

D.

An incorrect action has been specified.