NSK300 Practice Exam Questions and Answers

To validate that the GRE tunnel is configured correctly and that traffic is flowing to Netskope, the correct statements are:

• A: You can use your local router or network device to verify that keepalives are being received and traffic is flowing to Netskope. This is a standard method for checking the health and activity of a GRE tunnel.
• C: You can verify that the tunnel is up and receiving traffic in the Netskope UI under Settings > Security Cloud Platform > GR

  E.  

   This is a feature provided by Netskope to monitor the status of GRE tunnels directly from the Netskope interface12.

Statement B is incorrect because Netskope provides its own tools for monitoring the status of the tunnel. Statement D is incorrect because the Netskope Trust portal provides information on the overall service status and updates, not specific tunnel status3.

References: The references for these answers can be found in the Netskope Knowledge Portal, which provides detailed guidance on configuring and validating GRE tunnels12. Additionally, the Netskope Community Forum offers insights and solutions for deploying and monitoring GRE tunnels

To address the issue of a certificate-pinned application not being accessible due to certificate pinning, while still steering the traffic to Netskope, the two methods that would satisfy the requirements are:

• B: Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application. This ensures that the SSL traffic for the specified domains is not decrypted, thus avoiding issues with certificate pinning.
• C: Configure domain exceptions in the steering configuration for the domains used by the native application.By setting domain exceptions, traffic to these domains will bypass SSL decryption, allowing the certificate-pinned application to function as expected1.

These methods are in line with Netskope’s capabilities for handling certificate-pinned applications, which often require bypassing decryption to prevent breaking the application’s functionality due to its security features1.

References: The Netskope Knowledge Portal provides detailed information on managing certificate-pinned applications, including how to configure SSL Do Not Decrypt policies and domain exceptions in the steering configuration1.Additionally, the Netskope Community Forum offers insights and best practices for handling certificate-pinned applications2.

For a server subnet that is isolated and requires content filtering for any server that might access the Internet using a browser, the two Netskope deployment methods that would meet this requirement are:

• B.  

  Deploy Data Plane on Premises (DPoP) with a proxy configuration on the servers: Deploying DPoP would allow the isolated servers to connect to the Netskope cloud forcontent filtering through a proxy configuration.This setup would enable the servers to have controlled access to the Internet for content filtering purposes without requiring direct Internet access1.

• C.  

  Deploy IPsec or GRE tunnels in the segment to steer traffic from the servers to Netskope: By deploying IPsec or GRE tunnels, the traffic from the servers can be securely directed to Netskope for content filtering.This method is suitable for environments where servers do not have direct Internet access, as the tunnel provides a secure path for traffic to reach Netskope’s cloud services1.

These deployment methods are designed to work in environments with strict network isolation and provide the necessary content filtering capabilities for servers accessing the Internet.

References: The deployment methods and their suitability for isolated server subnets are based on Netskope’s documentation and resources, which detail various deployment options and their use cases21.

Sankey diagram

Sankey diagram

To produce a Sankey Tile in a report that visually represents the top 10 applications by number of objects and their risk score, you would need:

• Dimension (A): This field type would be used to represent the nodes in the Sankey visualization, which could be the applications in this case1.
• Measure (B): This field type would provide the weight of the links between the nodes, representing the number of objects or the risk score associated with each application1.

These two field types are essential for creating a Sankey visualization as they define the structure and flow of data between different stages or categories within the visualization.

References: The requirements for creating a Sankey visualization are based on the general principles of data visualization and the specific features of Sankey diagrams, which typically involve dimensions and measures to represent the flow of data1.