Netskope Updated NSK101 Exam Questions and Answers by elio

To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope’s threat protection features to block or isolate potentially harmful web traffic. Two actions that would help you accomplish this task while allowing the user to work are: block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user’s productivity or expose them to unknown risks. References: [Netskope Threat Protection], [Netskope Remote Browser Isolation].

When designing an architecture with Netskope Private Access, the Netskope Publisher is the element that guarantees connectivity between the Netskope cloud and the private application. The Publisher acts as a gateway, securely connecting users to private applications hosted on-premises or in data centers.

Netskope Publisher: This component facilitates secure access to private applications by connecting the Netskope cloud with the internal network. It ensures that users can access private applications seamlessly while maintaining security and compliance.

References:

Netskope documentation on Private Access and the role of the Publisher.

Best practices for configuring and deploying Netskope Publisher to ensure secure connectivity to private applications.

=================

Steering Configuration page under Settings (A):The Steering Configuration page under Settings is used to configure and manage the steering policies, including IPsec and GRE tunnels. This section provides the necessary tools to configure the network traffic routing and ensures that the configurations are set according to the organization's requirements.

IPsec Site and GRE Site pages under Settings (D):These specific pages under the Settings section allow administrators to monitor and manage the status of IPsec and GRE tunnels. They provide detailed information about the tunnel configurations, status, and other metrics that are essential for maintaining the health and performance of the network connections.

These details are confirmed based on the features and configurations available within the Netskope Admin UI settings, as documented in the Netskope Knowledge Portal.

In the scenario where a user is connected to a SaaS application through Netskope's Next Gen Secure Web Gateway (SWG) with SSL inspection enabled, the following information is available in SkopeIT:

User activity, CCL: SkopeIT provides detailed logs of user activities, including actions taken within SaaS applications, and uses the Cloud Confidence Level (CCL) to rate the trustworthiness of cloud applications.

Account instance, category: It logs information about the specific instance of the account being accessed and categorizes the type of service or application in use, which helps in identifying the context of the user’s activities.

Username, source location: The username of the user accessing the SaaS application and their source location (such as IP address or geographic location) are logged for audit and compliance purposes.

References:

Netskope documentation on SSL inspection and SkopeIT logging.

Detailed configuration guides on using Next Gen SWG and the types of data collected by SkopeIT.

=================