NSK200 Online Practice Questions

Explanation:
To allow users to transparently leverage the local security stack when they return to the office, you need to follow these two statements:
A. You must enable On-premises Detection in the client configuration and
C. You must disable Dynamic Steering in the traffic steering profile. On-premises Detection is a feature that allows the Netskope client to detect whether it is on-premises or off-premises based on a DNS or HTTP probe. You need to enable On-premises Detection in the client configuration and specify a domain name or an HTTP address that is only accessible from your local network3. Dynamic Steering is a feature that allows you to steer different types of traffic differently based on various criteria such as user group, location, category, etc. You need to disable Dynamic Steering in the traffic steering profile or create an exception for your local network to bypass Netskope and use your local security stack4. Therefore, options A and C are correct and the other options are incorrect.
Reference: Client Configuration - Netskope Knowledge Portal, Dynamic Steering - Netskope Knowledge Portal

Explanation:
To block any screenshots from being uploaded, the engineering firm should use the ML image classifier feature of Netskope DLP. This feature uses machine learning to detect sensitive information within images, such as screenshots, whiteboards, passports, driver’s licenses, etc. The firm can create a DLP policy that blocks any image upload that matches the screenshot classifier. This will prevent employees from circumventing the DLP controls by taking screenshots of sensitive documents.
Reference: Improved DLP Image Classifiers, Netskope Data Loss Prevention, The Importance of a Machine Learning-Based Source Code Classifier

Explanation:
The Netskope client can be disabled by the administrator from the Netskope console. This is useful for troubleshooting or maintenance purposes. When the client is disabled by the administrator, it shows the status as “Admin Disabled” and does not apply any policies or steer any traffic. The user cannot enable the client unless the administrator enables it from the console. The other options are not valid reasons for the client to be in an “Admin Disabled” state.
Reference: Netskope Client Status 1, Enable or Disable Netskope Client 2

Explanation:
To implement role-based access control when integrating Netskope tenant administration with an external identity provider (IdP), two statements that are true about this scenario are A. The roles you want to assign must be present in the Netskope tenant and C. You need to define the administrators locally in the Netskope tenant. Role-based access control (RBAC) is a feature that allows you to assign different levels of permissions and access to the Netskope tenant based on the user’s role. You can use RBAC to integrate Netskope tenant administration with an external IdP such as Azure AD or Okta and delegate administrative tasks to different users or groups1. To do this, you need to ensure that the roles you want to assign are present in the Netskope tenant. You can use the predefined roles such as SYSADMIN, AUDITOR, or OPERATOR, or create custom roles with specific privileges2. You also need to define the administrators locally in the Netskope tenant by creating local user accounts and assigning them roles. You can use the same email address as the IdP user account for the local user account3. Therefore, options A and C are correct and the other options are incorrect.
Reference: Role-Based Access Control - Netskope Knowledge Portal, Roles - Netskope Knowledge Portal, Integrate with Azure AD - Netskope Knowledge Portal

Explanation:
Creating a real-time threat protection policy specifically targeting the "Cloud Storage" category ensures that all supported cloud storage applications are covered by malware protection. This approach allows real-time scanning and response to malware threats within cloud storage environments.