Netskope NSK300 Exam Questions

Question 6 of 88

You want to integrate with a third-party DLP engine that requires ICAP.
In this scenario, which Netskope platform component must be configured?

On-Premises Log Parser (OPLP)

Secure Forwarder

Netskope Cloud Exchange

Netskope Adapter

Correct Answer: B

Question 7 of 88

You just deployed and registered an NPA publisher for your first private application and need to provide access to this application for the Human Resources (HR) users group only.
How would you accomplish this task?

1. Enable private app steering in the Steering Configuration assigned to the HR group.
2. Create a new Private App.
3. Create a new Real-time Protection policy as follows:

Source = HR user group -

Destination = Private App -
Action = Allow

1. Create a new private app and assign it to the HR user group.
2. Create a new Real-time Protection policy as follows:

Source = HR user group -

Destination = Private App -
Action = Allow.

1. Enable private app steering in Tenant Steering Configuration.
2. Create a new private app and assign it to the HR user group.

1. Enable private app steering in the Steering Configuration assigned to the HR group.
2. Create a new private app and assign it to the HR user group.
3. Create a new Real-time Protection policy as follows:

Source = HR user group -

Destination = Private App -
Action = Allow

Correct Answer: D

Question 8 of 88

Users at your company’s branch office in San Francisco report that their clients are connecting, but websites and SaaS applications are slow. When troubleshooting, you notice that the users are connected to a Netskope data plane in New York where your company’s headquarters is located.
What is a valid reason for this behavior?

The Netskope Client’s on-premises detection check failed.

The Netskope Client’s default DNS over HTTPS call is failing.

The closest Netskope data plane to San Francisco is unavailable.

The Netskope Client’s DNS call to Secure Forwarder is failing.

Correct Answer: C

Question 9 of 88

Review the exhibit.
Exam NSK300: Question 9 - Image 1

AcmeCorp has recently begun using Microsoft 365. The organization is concerned that employees will start using third-party non-AcmeCorp OneDrive instances to store company data. The CISO asks you to use Netskope to create a policy that ensures that no data is being uploaded to non-AcmeCorp instances of OneDrive.
Referring to the exhibit, which two policies would accomplish this posture? (Choose two.)

Correct Answer: D

Question 10 of 88

A company has deployed Explicit Proxy over Tunnel (EPoT) for their VDI users. They have configured Forward Proxy authentication using Okta Universal Directory. They have also configured a number of Real-time Protection policies that block access to different Web categories for different AD groups so, for example, marketing users are blocked from accessing gambling sites. During User Acceptance Testing, they see inconsistent results where sometimes marketing users are able to access gambling sites and sometimes they are blocked as expected. They are seeing this inconsistency based on who logs into the VDI server first.
What is causing this behavior?

Forward Proxy is not configured to use the Cookie Surrogate.

Forward Proxy is not configured to use the IP Surrogate.

Forward Proxy authentication is configured but not enabled.

Forward Proxy is configured to use the Cookie Surrogate.

Correct Answer: B