CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Netskope
  5. NSK200

Free NSK200 Exam Braindumps (page: 3)

Page 2 of 16
PDF with 93 Questions

An engineering firm is using Netskope DLP to identify and block sensitive documents, including schematics and drawings. Lately, they have identified that when these documents are blocked, certain employees may be taking screenshots and uploading them. They want to block any screenshots from being uploaded.

Which feature would you use to satisfy this requirement?

  1. exact data match (EDM)
  2. document fingerprinting
  3. ML image classifier
  4. optical character recognition (OCR)

Answer(s): C

Explanation:

To block any screenshots from being uploaded, the engineering firm should use the ML image classifier feature of Netskope DLP. This feature uses machine learning to detect sensitive information within images, such as screenshots, whiteboards, passports, driver's licenses, etc. The firm can create a DLP policy that blocks any image upload that matches the screenshot classifier. This will prevent employees from circumventing the DLP controls by taking screenshots of sensitive documents.


Reference:

Improved DLP Image Classifiers, Netskope Data Loss Prevention, The Importance of a Machine Learning-Based Source Code Classifier



Review the exhibit.



You are at the Malware Incident page. A virus was detected by the Netskope Heuristics Engine. Your security team has confirmed that the virus was a test data file You want to allow the security team to use this file

Referring to the exhibit, which two statements are correct? (Choose two.)

  1. Click the "Add To File Filter button to add the IOC to a file list.
  2. Contact the CrowdStrike administrator to have the file marked as safe.
  3. Click the ''Lookup VirusTotal" button to verify if this IOC is a false positive.
  4. Create a malware detection profile and update the file hash list with the IOC.

Answer(s): A,C

Explanation:

To allow the security team to use the test data file that was detected as a virus by the Netskope Heuristics Engine, the following two steps are correct:

Click the "Add To File Filter" button to add the IOC to a file list. This will exclude the file from future malware scans and prevent false positive alerts. The file list can be managed in the Settings > File Filter page1.

Click the "Lookup VirusTotal" button to verify if this IOC is a false positive. This will open a new tab with the VirusTotal report for the file hash. VirusTotal is a service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content. The report will show how many antivirus engines detected the file as malicious and provide additional information about the file2.

https://docs.netskope.com/en/netskope-help/admin-console/incidents/



Which object would be selected when creating a Malware Detection profile?

  1. DLP profile
  2. File profile
  3. Domain profile
  4. User profile

Answer(s): B

Explanation:

A file profile is an object that contains a list of file hashes that can be used to create a malware detection profile. A file profile can be configured as an allowlist or a blocklist, depending on whether the files are known to be benign or malicious. A file profile can be created in the Settings > File Profile page1. A malware detection profile is a set of rules that define how Netskope handles malware incidents. A malware detection profile can be created in the Policies > Threat Protection > Malware Detection Profiles page2. To create a malware detection profile, one needs to select a file profile as an allowlist or a blocklist, along with the Netskope malware scan option. The other options are not objects that can be selected when creating a malware detection profile.



Your learn is asked to Investigate which of the Netskope DLP policies are creating the most incidents. In this scenario, which two statements are true? (Choose two.)

  1. The Skope IT Applications tab will list the top five DLP policies.
  2. You can see the top Ave DLP policies triggered using the Analyze feature
  3. You can create a report using Reporting or Advanced Analytics.
  4. The Skope IT Alerts tab will list the top five DLP policies.

Answer(s): B,C

Explanation:

To investigate which of the Netskope DLP policies are creating the most incidents, the following two statements are true:

You can see the top five DLP policies triggered using the Analyze feature. The Analyze feature allows you to create custom dashboards and widgets to visualize and explore your data. You can use the DLP Policy widget to see the top five DLP policies that generated the most incidents in a given time period3.

You can create a report using Reporting or Advanced Analytics. The Reporting feature allows you to create scheduled or ad-hoc reports based on predefined templates or custom queries. You can use the DLP Incidents by Policy template to generate a report that shows the number of incidents per DLP policy4. The Advanced Analytics feature allows you to run SQL queries on your data and export the results as CSV or JSON files. You can use the DLP_INCIDENTS table to query the data by policy name and incident count5.

The other two statements are not true because:

The Skope IT Applications tab will not list the top five DLP policies. The Skope IT Applications tab shows the cloud app usage and risk summary for your organization. It does not show any information about DLP policies or incidents6.

The Skope IT Alerts tab will not list the top five DLP policies. The Skope IT Alerts tab shows the alerts generated by various policies and profiles, such as DLP, threat protection, IPS, etc. It does not show the number of incidents per policy, only the number of alerts per incident7.






Post your Comments and Discuss Netskope NSK200 exam with other Community members:

NSK200 Discussions & Posts