NSK101 Exam Dumps - Netskope Certified Cloud Security Administrator (NCCSA)

The two traffic steering configurations that are supported by Netskope are cloud applications only and all Web traffic including cloud applications. These configurations allow you to control what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. You can choose one of these options for both on-premises and off-premises scenarios, depending on your network environment and security needs. You can also create exceptions for specific domains, IP addresses, or certificate-pinned applications that you want to bypass or steer regardless of the configuration option. References: Steering ConfigurationCreating a Steering Configuration

When reviewing files affected by malware in the Netskope UI under Incidents -> Malware, you have the following options:

Identify the exposure of the file identified as malware: This allows you to see where the malware has spread within the organization, which users or systems are affected, and any potential data exposure resulting from the malware.

Determine the Detection Engine used to identify the malware: Netskope provides details on which detection engine (such as AV, sandboxing, or other heuristic engines) identified the malware. This helps in understanding the threat vector and the reliability of the detection.

Downloading the original malware file (option A) is generally not recommended for security reasons and may not be supported directly from the Netskope UI. Remediation of compromised devices (option C) would typically be handled through endpoint security solutions rather than directly from the Netskope UI.

References:

Netskope documentation on malware detection and incident response.

Best practices for handling malware incidents and using the Netskope UI for threat analysis.

=================

ï‚· Create the Report in Advanced Analytics:

Data Collection:

Use the "Page Events" data collection, which captures detailed user activities on web pages, including edits and uploads.

Filters:

Apply filters to include only the activities "Edit" and "Upload".

Add another filter for the Cloud Confidence Level (CCL) to include only those with "Low" or "Poor" ratings.

This ensures the report focuses on the specified user activities within cloud applications that have lower security ratings.

Steps:

Navigate to Advanced Analytics > Reports.

Create a new report and select "Page Events" as the data collection source.

Apply the necessary filters for activities and CCL values.

ï‚· Schedule the Report:

Monthly Recurrence:

Set the report to run on a monthly schedule to ensure regular updates.

Configure the report to be sent via email with a PDF attachment.

Steps:

In the report scheduling options, set the recurrence to monthly.

Specify the email recipients, ensuring the CISO receives the report.

Select PDF as the report format.

ï‚· References:

For more details on creating and scheduling reports, refer to the Netskope documentation on Advanced Analytics and report generation​​​​.

To deploy Netskope’s zero trust network access (ZTNA) solution, NPA, you need to enable Steer all Private Apps in your existing steering configuration(s) from the admin console. This will allow you to create private app profiles and assign them to your applications. NPA will then provide secure and granular access to your applications without exposing them to the internet or requiring VPNs. References: [Netskope Private Access (NPA) Deployment Guide]

When a user is unable to access a newly added private application despite having the correct Real-time Protection policy in place, the NPA (Netskope Private Access) Troubleshooter tool can be used to diagnose and resolve the issue.

Accessing NPA Troubleshooter:

Navigate to the Netskope Web UI.

Go to the Troubleshooting section and select NPA Troubleshooter.

Verifying User Policy:

Check the specific policy applied to the user to ensure that it allows access to the application.

Ensure that there are no conflicting policies that might be blocking access.

Checking Steering Configuration:

Verify that the steering configuration is correctly set up to route the user's traffic to the Netskope platform.

Ensure that the correct gateways are being used and that the traffic is not being bypassed.

Client Status:

Confirm that the Netskope client is installed and running on the user's device.

Check the client logs for any errors or issues that might be preventing access.

Additional Details:

Review any other relevant details such as the user's network configuration, device status, and any recent changes that might have impacted connectivity.

By systematically using the NPA Troubleshooter tool to verify these aspects, you can identify and resolve the underlying issue preventing access to the private application.

References:

REST API v2 Overview - Netskope Knowledge Portal

Using the REST API v2 dataexport Iterator Endpoints - Netskope Knowledge Portal

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal

netskopesdk · PyPI

Netskope Rest APIv2(OAS 3.1) - Postman Collection

The inline and API implementation of the Netskope platform are two different ways of connecting cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences between them are: The API implementation can only be used with sanctioned applications, which are applications that are approved and authorized by the organization for business use. The API implementation relies on using out-of-band API connections to access data and events from these applications and apply near real-time policies. The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications, which are applications that are not approved or authorized by the organization for business use. The inline implementation relies on using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications and apply real-time policies. The API implementation can be used with both sanctioned and unsanctioned applications and the inline implementation can only effectively block a transaction in sanctioned applications are not true statements, as they contradict the actual capabilities and limitations of each implementation method. References: [Netskope SaaS API-enabled Protection], [Netskope Inline CASB].

The statement that is true in this scenario is: Certificate-related settings apply to each individual steering configuration level. Certificate-related settings are the options that allow you to configure how Netskope handles SSL/TLS certificates for encrypted web traffic. For example, you can choose whether to allow or block self-signed certificates, expired certificates, revoked certificates, etc. You can also choose whether to enable SSL decryption for specific domains or categories. Certificate-related settings apply to each individual steering configuration level, which means that you can have different settings for different types of traffic or devices. For example, you can have one steering configuration for managed devices and another one for unmanaged devices, and apply different certificate-related settings for each one. This allows you to customize your security policies based on your needs and preferences. References: Netskope SSL DecryptionNetskope Steering Configuration

In the exhibit, a user is uploading a file containing PCI-DSS data to the corporate Google Drive instance. Despite the policy that blocks DLP (Data Loss Prevention) uploads being active, the upload is not blocked. This indicates that the policy is not applied in the correct order.

Netskope applies policies in a top-down manner. If there are multiple policies that could apply to an action, the order in which the policies are evaluated is crucial. In this case, another policy might be allowing the upload before the DLP policy can block it. Ensuring that the DLP policy is higher in the order can resolve this issue.

References:

Netskope policy configuration and enforcement documentation.

Details on how Netskope processes and applies policies based on their order in the policy list.