Pass the Netskope NCCSA NSK101 Questions and answers with ExamsMirror

Netskope’s Private Access Solution is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. It provides protection for private applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It also provides access to private applications by creating a secure tunnel between the user’s device and the application’s server, regardless of their location or network. It does not act as a cloud-based firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of points of presence (POPs). References: [Netskope Private Access].

The parameter shown in the exhibit (File Profile) is crucial in policies where file type, size, and other attributes need to be specified. Here are two use cases where this parameter is required:

When you create a policy to prevent file transfer between a sanctioned Google Drive and personal Google Drive:

Explanation: In this use case, the File Profile is used to define the types of files that are not allowed to be transferred between different Google Drive instances. By specifying the file types in the policy, administrators can ensure that sensitive corporate data is not transferred to personal accounts.

Implementation: Create a new File Profile with the desired file types and apply this profile in the policy that governs the data transfer rules between sanctioned and personal Google Drive instances.

When you create a policy to prevent binary files larger than 5 MB that are shared publicly on a sanctioned OneDrive:

Explanation: This use case involves creating a policy that restricts the sharing of large binary files (e.g., executable files) on publicly accessible folders in OneDrive. The File Profile parameter allows defining the file size and type criteria.

Implementation: Define a File Profile that specifies binary files and sets a size limit (e.g., 5 MB). Apply this profile in the policy to prevent such files from being shared publicly.

References:

REST API v2 Overview - Netskope Knowledge Portal

Using the REST API v2 dataexport Iterator Endpoints - Netskope Knowledge Portal

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal

netskopesdk · PyPI

Netskope Rest APIv2(OAS 3.1) - Postman Collection

In the exhibit, a user is uploading a file containing PCI-DSS data to the corporate Google Drive instance. Despite the policy that blocks DLP (Data Loss Prevention) uploads being active, the upload is not blocked. This indicates that the policy is not applied in the correct order.

Netskope applies policies in a top-down manner. If there are multiple policies that could apply to an action, the order in which the policies are evaluated is crucial. In this case, another policy might be allowing the upload before the DLP policy can block it. Ensuring that the DLP policy is higher in the order can resolve this issue.

References:

Netskope policy configuration and enforcement documentation.

Details on how Netskope processes and applies policies based on their order in the policy list.

To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope’s threat protection features to block or isolate potentially harmful web traffic. Two actions that would help you accomplish this task while allowing the user to work are: block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user’s productivity or expose them to unknown risks. References: [Netskope Threat Protection], [Netskope Remote Browser Isolation].

To set up a real-time threat protection policy for patient zero to block previously unseen files until a benign verdict is produced by the Netskope Threat Protection Service, you need to configure the following parameters:

Block Action: This action ensures that any previously unseen file is blocked until it has been analyzed and a verdict has been reached. By blocking the file, the policy prevents potential threats from entering the network until they are deemed safe.

Remediation Profile: This profile defines the actions to be taken when a threat is detected. It includes configuring the alerts and responses (such as notifying administrators) when a file is blocked. This ensures that there is a process in place for handling detected threats and that appropriate measures are taken.

References:

Netskope Threat Protection documentation detailing the setup of real-time threat protection policies.

Configuration guides for policy actions and remediation profiles in the Netskope platform.

=================

The General Data Protection Regulation (GDPR) is the compliance standard a company should consider if both controllers and processors have legal entities in the EU. The GDPR applies to any organization that processes personal data of individuals within the EU, regardless of where the organization itself is based. This regulation imposes strict rules on data handling and provides robust protection for personal data.

References:

GDPR is designed to protect data privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas​​​​.

The NPA (Netskope Private Access) Troubleshooter Tool provides the following status indicators when run:

Steering configuration: This indicates whether the traffic is being correctly steered through the Netskope infrastructure according to the defined policies.

Publisher connectivity: This status shows whether the Netskope Publisher is correctly connected and able to communicate with the Netskope cloud. It ensures that the Publisher, which acts as a gateway, is functioning correctly.

Reachability of the private app: This status verifies if the private application is reachable from the Netskope infrastructure, ensuring that users can access the necessary internal resources.

These indicators help administrators troubleshoot and ensure that the NPA setup is working correctly, providing secure and reliable access to private applications.

References:

Netskope documentation on using the NPA Troubleshooter Tool and the status indicators it provides.

Best practices for troubleshooting NPA connectivity and performance issues.

=================

To locate information pertaining to a DLP violation on a file in your sanctioned Google Drive instance, you can use the Incidents dashboard in Netskope. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such as DLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. The Incidents dashboard can show DLP violations for files that are in a deleted state, as long as they are still recoverable from the trash bin of the app. If the file is permanently deleted from the app, then the incident will not be visible in the dashboard. References: Netskope Incidents Dashboard

If the Cloud Storage category is in the Steering Configuration as an exception, then Netskope will not steer any traffic to or from cloud storage applications, such as Microsoft 365 OneDrive, to its platform. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. Similarly, if the destination domain is excluded from decryption in the decryption policy, then Netskope will not decrypt any traffic to or from that domain, such as onedrive.com. This means that Netskope will not be able to inspect or apply any policies to this traffic, including DLP policies. The location of the Netskope POP or the use of IPsec as a steering option do not affect the application of DLP policies, as long as Netskope can steer and decrypt the relevant traffic. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 3: Steering Configuration, Lesson 1: Steering Options and Lesson 2: Exceptions; Module 4: Decryption Policy, Lesson 1: Decryption Policy Overview and Lesson 2: Decryption Policy Configuration.

https://www.bsimm.com/ : https://www.iso.org/isoiec-27001-information-security.html : https://www.dasca.org/ : https://www.nist.gov/cyberframework

To protect your users from malicious scripts that may be downloaded from websites, you need to use technologies that can detect and prevent malware, ransomware, phishing, and other advanced threats in web traffic. Two technologies that form a part of Netskope’s Threat Protection module, which is a feature in the Netskope platform that provides these capabilities, are sandbox and heuristics. Sandbox is a technology that allows Netskope to analyze suspicious files or URLs in a virtual environment isolated from the rest of the network. It simulates the execution of the files or URLs and observes their behavior and impact on the system. It then generates a verdict based on the analysis and blocks any malicious files or URLs from reaching your users or devices. Heuristics is a technology that allows Netskope to identify unknown or emerging threats based on their characteristics or patterns, rather than relying on predefined signatures or rules. It uses machine learning and artificial intelligence to analyze various attributes of files or URLs, such as file type, size, entropy, metadata, code structure, etc., and assigns a risk score based on the analysis. It then blocks any files or URLs that exceed a certain risk threshold from reaching your users or devices. A log parser or DLP are not technologies that form a part of Netskope’s Threat Protection module, as they are more related to discovering cloud applications or protecting sensitive data. References: [Netskope Threat Protection], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 9: Threat Protection.