CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Netskope
  5. NSK101

Free NSK101 Exam Braindumps (page: 10)

Page 10 of 34
PDF with 129 Questions

You want to take into account some recent adjustments to CCI scoring that were made in your Netskope tenant.

In this scenario, which two CCI aspects in the Ul would be used in a real-time protection policy? (Choose two.)

  1. App Tag
  2. CCL
  3. App Score
  4. GDPR Readiness

Answer(s): A,C

Explanation:

To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50.


Reference:

Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications



You are working with traffic from applications with pinned certificates. In this scenario, which statement is correct?

  1. An exception should be added to the steering configuration.
  2. The domains used by certificate-pinned applications should be added to the authentication bypass list.
  3. Traffic with pinned certificates should be blocked.
  4. The domains used by applications with pinned certificates should be allowed in an inline policy.

Answer(s): A

Explanation:

When working with traffic from applications with pinned certificates, you should add an exception to the steering configuration to bypass them. Pinned certificates are a security technique that prevents man-in-the-middle attacks by validating the server certificates against a hardcoded list of certificates in the application. If you try to intercept or inspect the traffic from such applications, they will reject the connection or display an error message. Therefore, you should add the domains used by certificate-pinned applications as exceptions in your steering configuration, so that they are not steered to Netskope for analysis and enforcement.


Reference:

Certificate Pinned ApplicationsCreating a Steering Configuration



Which two traffic steering configurations are supported by Netskope? (Choose two.)

  1. browser isolation traffic only
  2. cloud applications only
  3. all Web traffic including cloud applications
  4. Web traffic only

Answer(s): B,C

Explanation:

The two traffic steering configurations that are supported by Netskope are cloud applications only and all Web traffic including cloud applications. These configurations allow you to control what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. You can choose one of these options for both on-premises and off-premises scenarios, depending on your network environment and security needs. You can also create exceptions for specific domains, IP addresses, or certificate-pinned applications that you want to bypass or steer regardless of the configuration option.


Reference:

Steering ConfigurationCreating a Steering Configuration



Which three technologies describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST)? (Choose three.)

  1. Cloud Service Provider (CSP)
  2. Identity as a Service (IDaaS)
  3. Platform as a Service (PaaS)
  4. Software as a Service (SaaS)
  5. Infrastructure as a Service (laaS)

Answer(s): C,D,E

Explanation:

The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network. According to NIST, these service models have the following definitions:

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Software as a Service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).


Reference:

The NIST Definition of Cloud ComputingNIST Cloud Computing Program



Page 10 of 34



Post your Comments and Discuss Netskope NSK101 exam with other Community members:

Flash commented on August 25, 2024
Can we pass the exams by only using the free dumps my exam was scheduled on 28 of august
Anonymous
upvote