NSK101 Practice Questions

To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50. References: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications

Identify the Blocked Policy: According to the exhibit, the website is blocked by the "Global Block Policy."

Create a Custom URL List: To create an exception for the domain, you need to first create a custom URL list that includes the domain in question.

Navigate to the URL List section in the Netskope UI.

Create a new URL list and add the domain that needs to be allowed.

Option B: Create a custom category with the custom URL list as an included URL list and add it to an allow policy above the Global Block policy.

Go to the Policy section in the Netskope UI.

Create a new policy, ensuring it is an "Allow" policy.

Add the custom category to this allow policy.

Position this allow policy above the Global Block policy to ensure it takes precedence.

This ensures that the URLs in the custom list are allowed before the Global Block policy is evaluated.

Option C: Add the custom URL list as an excluded URL list to the category in the Global Block policy.

Edit the existing Global Block policy.

Add the custom URL list to the excluded URL list section of this policy.

This will exclude the URLs in the custom list from being blocked by the Global Block policy.

References:

Refer to the Netskope Knowledge Portal for managing custom URL lists and policy configurations​​​​​​.

The three components that make up the Borderless SD-WAN solution are:

Endpoint SD-WAN Client: This client is installed on endpoints (such as laptops and mobile devices) to ensure secure and optimized connectivity to the corporate network, even when users are remote. The Endpoint SD-WAN Client is a critical part of extending SD-WAN capabilities to individual users and devices, providing seamless connectivity and security.

SASE Orchestrator: The Secure Access Service Edge (SASE) Orchestrator is responsible for managing and orchestrating the various components of the SD-WAN solution. It ensures that policies are enforced consistently across the network, manages the deployment of network functions, and provides centralized control and visibility.

SASE Gateway: The SASE Gateway provides secure, optimized access to cloud applications and services. It combines SD-WAN capabilities with advanced security functions, such as firewalling, intrusion prevention, and secure web gateways, to protect data and users as they access resources from different locations.

These components work together to provide a comprehensive SD-WAN solution that addresses the needs of modern, distributed workforces by combining networking and security functions in a unified architecture.

References:

Netskope REST API v2 Overview​​.

Using the REST API v2 dataexport Iterator Endpoints​​.

Using the REST API v2 UCI Impact Endpoints​​.

Netskope SDK on PyPI​​.

Postman Collection for Netskope REST API​​.

The two traffic steering configurations that are supported by Netskope are cloud applications only and all Web traffic including cloud applications. These configurations allow you to control what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. You can choose one of these options for both on-premises and off-premises scenarios, depending on your network environment and security needs. You can also create exceptions for specific domains, IP addresses, or certificate-pinned applications that you want to bypass or steer regardless of the configuration option. References: Steering ConfigurationCreating a Steering Configuration