NSK101 Netskope Certified Cloud Security Administrator (NCCSA) Questions and Answers

When comparing data in motion with data at rest, it is important to understand how each type of data is handled in terms of security and monitoring:

Data in motion refers to data actively moving from one location to another, such as through email, instant messaging, or any other form of communication over the internet. To secure and monitor data in motion, Netskope typically requires the deployment of the Netskope client on user devices. The client helps enforce security policies, monitor data transfers, and protect against data loss and other threats during the data's transit.

References:

Netskope Knowledge Portal: Data Protection

Netskope Client Overview

Data Loss Prevention (DLP) document classifiers are designed to identify and control the flow of sensitive information based on predefined patterns and criteria. In this scenario, where the customer has cloud storage repositories containing sensitive files such as bank statements, consulting agreements, and disclosure agreements, DLP document classifiers can help:

Identify sensitive documents: By scanning and classifying documents based on their content, DLP document classifiers ensure that sensitive files are recognized and handled appropriately.

Control data flow: Policies can be applied to prevent unauthorized access, sharing, or movement of sensitive files, thereby protecting the data from leakage or exposure.

References:

Netskope DLP documentation, detailing how document classifiers work and how they can be configured to protect sensitive information.

Best practices for implementing DLP solutions to safeguard sensitive data in cloud storage environments.

=================

Two primary advantages of Netskope’s Secure Access Service Edge (SASE) architecture are: no on-premises hardware required for policy enforcement and single management console. Netskope’s SASE architecture delivers network and security services as cloud-based services that can be accessed from any location and device. This eliminates the need for on-premises hardware appliances such as firewalls, proxies, VPNs, etc., that are costly to maintain and scale. Netskope’s SASE architecture also provides a single management console that allows administrators to configure and monitor all the network and security services from one place. This simplifies IT operations and reduces complexity and overhead. References: Netskope SASEWhat is SASE?

In the scenario where a user is connected to a SaaS application through Netskope's Next Gen Secure Web Gateway (SWG) with SSL inspection enabled, the following information is available in SkopeIT:

User activity, CCL: SkopeIT provides detailed logs of user activities, including actions taken within SaaS applications, and uses the Cloud Confidence Level (CCL) to rate the trustworthiness of cloud applications.

Account instance, category: It logs information about the specific instance of the account being accessed and categorizes the type of service or application in use, which helps in identifying the context of the user’s activities.

Username, source location: The username of the user accessing the SaaS application and their source location (such as IP address or geographic location) are logged for audit and compliance purposes.

References:

Netskope documentation on SSL inspection and SkopeIT logging.

Detailed configuration guides on using Next Gen SWG and the types of data collected by SkopeIT.

=================

Two pillars of CASB are visibility and compliance. CASB stands for Cloud Access Security Broker, which is a solution that provides visibility and control over cloud services and web traffic, as well as data and threat protection for cloud users and devices. Visibility is the capability to identify all cloud services in use and assess their risk factors, such as security, auditability, business continuity, etc. Compliance is the capability to ensure that cloud services and data meet the regulatory standards and policies of the organization or industry, such as GDPR, HIPAA, PCI DSS, etc. References: What Is a Cloud Access Security Broker (CASB)? | MicrosoftCASB Guide: What are the 4 Pillars of CASB? - Security Service Edge

To secure all web traffic as part of the initial configuration in the Netskope platform, you need to:

Add the all Web traffic option to the steering configuration: This ensures that all web traffic is routed through Netskope for inspection and policy enforcement. By steering all web traffic, you enable Netskope to apply security measures, such as SSL decryption, threat protection, and DLP, to all HTTP and HTTPS traffic.

Netskope does not automatically steer all web traffic by default; it requires configuration in the steering policies. Selecting all web traffic in the SSL decryption section only pertains to decrypting traffic, not the actual steering of the traffic.

References:

Netskope documentation on configuring steering settings and policies.

Guidelines for setting up web traffic steering and SSL decryption in the Netskope platform.

=================

To block all FTP connections regardless of the ports being used, the following steps should be taken using Netskope's Cloud Firewall:

Real-time Protection Policy:

Create a Real-time Protection policy where FTP is defined as the destination application.

Set the action to "Block" to ensure that any FTP traffic is blocked regardless of the port being used​​​​.

Custom Firewall App Definition:

Create a custom Firewall App Definition specifically for TCP port 21.

Define the action as "Block" to ensure any traffic directed to this port is blocked, preventing FTP access​​​​.

These configurations ensure that FTP traffic is effectively blocked, securing the network from potential threats and unauthorized data transfers via FTP​​​​.

The Building Security in Maturity Model (BSIMM) is a framework that measures and compares the security activities of different organizations. It helps organizations to assess their current security practices and identify areas for improvement. ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and improving an information security management system. It helps organizations to manage their information security risks and demonstrate their compliance with best practices. Data Science Council of America (DASCA) is not a security framework, but a credentialing body for data science professionals. NIST Cybersecurity Framework (NIST CSF) is a security framework, but it is not commonly used to assess and validate a vendor’s security practices, as it is more focused on improving the cybersecurity of critical infrastructure sectors in the United States. References: [BSIMM], [ISO 27001], [DASCA], [NIST CSF].

Netskope's Behavior Analytics rule-based policies are designed to monitor user behavior for patterns that may indicate risky or malicious activities, such as bulk deletions. These policies can identify anomalies in user behavior that deviate from the norm, flagging potential threats and taking appropriate actions to prevent data loss.

Netskope's Behavior Analytics rule-based policies: This feature analyzes user actions and behaviors to detect anomalies and potentially malicious activities. It helps in identifying and mitigating risks associated with compromised accounts, insider threats, and other suspicious activities.

References:

Netskope documentation on Behavior Analytics and its capabilities.

Security best practices for detecting and responding to insider threats and anomalous user behavior.

=================

In this scenario, policy B is more restrictive than policy A, as it blocks users from downloading files from any OS other than Mac or Windows for cloud storage, while policy A only generates alerts when any user downloads, uploads, or shares files on a cloud storage application. Therefore, policy B should be implemented before policy A, as the policy order determines the order of evaluation and enforcement of the policies. If policy A is implemented before policy B, then policy B will never be triggered, as policy A will match all the download activities for cloud storage and generate alerts. The policy order is important; policies are not independent of each other, as they may have overlapping or conflicting conditions and actions. These two policies would actually work together, as long as they are ordered correctly. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 5: Real-Time Policies, Lesson 3: Policy Order.

The NPA (Netskope Private Access) Troubleshooter Tool provides the following status indicators when run:

Steering configuration: This indicates whether the traffic is being correctly steered through the Netskope infrastructure according to the defined policies.

Publisher connectivity: This status shows whether the Netskope Publisher is correctly connected and able to communicate with the Netskope cloud. It ensures that the Publisher, which acts as a gateway, is functioning correctly.

Reachability of the private app: This status verifies if the private application is reachable from the Netskope infrastructure, ensuring that users can access the necessary internal resources.

These indicators help administrators troubleshoot and ensure that the NPA setup is working correctly, providing secure and reliable access to private applications.

References:

Netskope documentation on using the NPA Troubleshooter Tool and the status indicators it provides.

Best practices for troubleshooting NPA connectivity and performance issues.

=================

To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50. References: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications

A Netskope Virtual Appliance is a software-based appliance that can be deployed on-premises or in the cloud to provide various functions and features for the Netskope Security Cloud platform. One use for deploying a Netskope Virtual Appliance is as an endpoint for Netskope Private Access (NPA), which is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. Another use for deploying a Netskope Virtual Appliance is as a Secure Forwarder to steer traffic from on-premises devices or networks to the Netskope platform for inspection and policy enforcement. Using a Netskope Virtual Appliance as a local reverse-proxy to secure a SaaS application or as a log parser to discover in-use cloud applications are not valid uses, as these functions are performed by other components of the Netskope Security Cloud platform, such as the Cloud Access Security Broker (CASB) or the Cloud XD engine. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 2: Architecture Overview; [Netskope Private Access]; [Netskope Secure Forwarder].

The exhibit displays rules related to detecting compromised accounts, data exfiltration, and malicious insiders. These types of activities are typically analyzed and detected through user behavior analytics, which involves monitoring and analyzing the behavior of users to identify anomalies that may indicate security incidents or threats.

Behavior Analytics is a component of the Netskope platform that focuses on identifying potential security risks based on user behavior. This includes monitoring for compromised accounts, data exfiltration, and identifying malicious insiders. These analytics help in proactively identifying and mitigating threats by analyzing patterns and anomalies in user activities.

References:

The exhibit showing rules related to compromised accounts, data exfiltration, and malicious insiders aligns with the capabilities provided by Behavior Analytics.

Documentation from the Netskope Knowledge Portal on the behavior analytics capabilities supports this identification.

Add the specific IP addresses on the IP Allow List (A):To restrict access to the Netskope Admin UI to specific IP addresses, administrators need to add these IP addresses to the IP Allow List. This ensures that only connections from these specified IP addresses are allowed access to the Admin UI. This configuration is crucial for enhancing security by limiting access to trusted IP addresses only.

Enable and set the User Notification Template to display the custom message (D):To display a custom message to admin users after they have authenticated, administrators need to enable and configure the User Notification Template. This template allows the customization of messages that are shown to users, including after login. This feature is useful for displaying privacy notices, welcome messages, or other important information to users upon successful authentication.

These steps are verified based on the configuration options available within the Netskope Admin UI settings. For more detailed steps and configuration, you can refer to the respective sections in the Netskope documentation.

 Create the Report in Advanced Analytics:

Data Collection:

Use the "Page Events" data collection, which captures detailed user activities on web pages, including edits and uploads.

Filters:

Apply filters to include only the activities "Edit" and "Upload".

Add another filter for the Cloud Confidence Level (CCL) to include only those with "Low" or "Poor" ratings.

This ensures the report focuses on the specified user activities within cloud applications that have lower security ratings.

Steps:

Navigate to Advanced Analytics > Reports.

Create a new report and select "Page Events" as the data collection source.

Apply the necessary filters for activities and CCL values.

 Schedule the Report:

Monthly Recurrence:

Set the report to run on a monthly schedule to ensure regular updates.

Configure the report to be sent via email with a PDF attachment.

Steps:

In the report scheduling options, set the recurrence to monthly.

Specify the email recipients, ensuring the CISO receives the report.

Select PDF as the report format.

 References:

For more details on creating and scheduling reports, refer to the Netskope documentation on Advanced Analytics and report generation​​​​.

The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.

Netskope’s DLP solution is a powerful tool that can help customers protect their sensitive data from unauthorized access, exposure, or loss. One use case for Netskope’s DLP solution is to stop unintentional data movement, such as accidental uploads, downloads, or sharing of confidential files or information to or from cloud applications. Another use case for Netskope’s DLP solution is to ensure regulatory compliance, such as GDPR, HIPAA, PCI-DSS, or other industry-specific standards that require data protection and privacy measures. Netskope’s DLP solution can help customers comply with these regulations by detecting and preventing data breaches, enforcing encryption policies, applying data retention rules, and generating audit reports. Detecting malware in files before they are uploaded to a cloud application or detecting sensitive data in password protected files are not use cases for Netskope’s DLP solution, as they are more related to threat protection or file inspection capabilities. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 6: Data Loss Prevention, Lesson 1: DLP Overview.

To obtain and export a list of all hosts including domains and IP addresses that a user accessed through Netskope Private Access for the past seven days, you can follow these steps:

Access the Netskope Web UI: Log in to your Netskope admin console.

Navigate to SkopeIT:

Go to the SkopeIT section in the Netskope admin console.

Private Apps page in SkopeIT:

In the SkopeIT section, navigate to the "Private Apps" page.

Here, you can find detailed information about the private applications accessed by users, including the domains and IP addresses.

Use the filter options to specify the user and the time range (past seven days).

Export the data as needed for your investigation.

Network Events page in SkopeIT:

In the SkopeIT section, navigate to the "Network Events" page.

This page provides a comprehensive list of network events, including details about the hosts accessed through Netskope Private Access.

Again, use the filter options to specify the user and the time range.

Export the data for reporting purposes.

These two locations within the SkopeIT section of the Netskope Web UI will provide you with the necessary data to meet your security team's requirements.

References:

Netskope Knowledge Portal: Using SkopeIT for Network and Private Apps Analysis​​​​​​​​.

To allow access to an application using Netskope Private Access (NPA) with Private Apps steering already enabled for all users, follow these steps:

Create a Private App:

Go to the Netskope admin console.

Navigate to the Private Access section.

Create a new Private App by specifying the necessary details such as app name, IP address, ports, and protocols. This step is essential for defining the private application that users will access through NPA.

Create a Real-time Protection "Allow" Policy:

Navigate to the Policies section in the Netskope admin console.

Create a new Real-time Protection policy.

Set the policy action to "Allow".

Define the criteria for the policy to match the traffic directed to the newly created Private App.

Apply the policy to the relevant users or groups to ensure that access to the Private App is allowed.

Ensure Other Required Settings:

Ensure that SSO (Single Sign-On) is properly configured if it is needed for user authentication.

Verify that Private App steering is enabled for all users, which might already be the case as per the scenario.

References:

Netskope API Documentation: Configuring Private Apps and Real-time Protection Policies​​​​​​​​.

By following these steps, you ensure that the private app is properly defined and that users are allowed to access it through the appropriate Real-time Protection policies. This approach leverages Netskope's capabilities to manage and secure access to private applications seamlessly.

The Cloud Confidence Index (CCI) has several use cases, including:

To identify the activities that Netskope supports for cloud applications: The CCI helps administrators understand which activities are supported and monitored by Netskope for various cloud applications. This includes knowing the types of data that can be protected and the actions that can be controlled within those applications.

To compare similar cloud applications: The CCI provides a comparative assessment of cloud applications based on their security and compliance postures. This allows organizations to make informed decisions about which applications to approve or restrict based on their confidence levels.

These use cases help organizations enhance their security posture by using the CCI to guide application usage policies and ensure compliance with internal standards.

References:

Netskope documentation on Cloud Confidence Index and its applications in policy creation and management.

Guides on using CCI to assess and compare cloud applications for better security and compliance.

=================

A SAML reverse proxy is a service that acts as an intermediary between a SAML service provider (SP) and one or more SAML identity providers (IdPs). It can perform various functions, such as authentication, authorization, load balancing, caching, etc. One scenario where you would use a SAML reverse proxy is when there are multiple SAML IdPs in use and the SAML reverse proxy can help federate them all together. For example, suppose you have an internal application that needs to authenticate users from different domains or organizations, each with their own SAML IdP. Instead of configuring the application to trust each IdP separately, you can use a SAML reverse proxy to act as a single SP for the application and a single IdP for the users. The SAML reverse proxy can then redirect the users to their respective IdPs for authentication and relay the SAML assertions back to the application. This way, you can simplify the integration and management of multiple SAML IdPs and provide a seamless user experience. References: SAML Reverse ProxyWhat is application proxy & SAML SSO?

Identify the Blocked Policy: According to the exhibit, the website is blocked by the "Global Block Policy."

Create a Custom URL List: To create an exception for the domain, you need to first create a custom URL list that includes the domain in question.

Navigate to the URL List section in the Netskope UI.

Create a new URL list and add the domain that needs to be allowed.

Option B: Create a custom category with the custom URL list as an included URL list and add it to an allow policy above the Global Block policy.

Go to the Policy section in the Netskope UI.

Create a new policy, ensuring it is an "Allow" policy.

Add the custom category to this allow policy.

Position this allow policy above the Global Block policy to ensure it takes precedence.

This ensures that the URLs in the custom list are allowed before the Global Block policy is evaluated.

Option C: Add the custom URL list as an excluded URL list to the category in the Global Block policy.

Edit the existing Global Block policy.

Add the custom URL list to the excluded URL list section of this policy.

This will exclude the URLs in the custom list from being blocked by the Global Block policy.

References:

Refer to the Netskope Knowledge Portal for managing custom URL lists and policy configurations​​​​​​.

PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices. References: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].

To set up a real-time threat protection policy for patient zero to block previously unseen files until a benign verdict is produced by the Netskope Threat Protection Service, you need to configure the following parameters:

Block Action: This action ensures that any previously unseen file is blocked until it has been analyzed and a verdict has been reached. By blocking the file, the policy prevents potential threats from entering the network until they are deemed safe.

Remediation Profile: This profile defines the actions to be taken when a threat is detected. It includes configuring the alerts and responses (such as notifying administrators) when a file is blocked. This ensures that there is a process in place for handling detected threats and that appropriate measures are taken.

References:

Netskope Threat Protection documentation detailing the setup of real-time threat protection policies.

Configuration guides for policy actions and remediation profiles in the Netskope platform.

=================

When a user is unable to access a newly added private application despite having the correct Real-time Protection policy in place, the NPA (Netskope Private Access) Troubleshooter tool can be used to diagnose and resolve the issue.

Accessing NPA Troubleshooter:

Navigate to the Netskope Web UI.

Go to the Troubleshooting section and select NPA Troubleshooter.

Verifying User Policy:

Check the specific policy applied to the user to ensure that it allows access to the application.

Ensure that there are no conflicting policies that might be blocking access.

Checking Steering Configuration:

Verify that the steering configuration is correctly set up to route the user's traffic to the Netskope platform.

Ensure that the correct gateways are being used and that the traffic is not being bypassed.

Client Status:

Confirm that the Netskope client is installed and running on the user's device.

Check the client logs for any errors or issues that might be preventing access.

Additional Details:

Review any other relevant details such as the user's network configuration, device status, and any recent changes that might have impacted connectivity.

By systematically using the NPA Troubleshooter tool to verify these aspects, you can identify and resolve the underlying issue preventing access to the private application.

References:

REST API v2 Overview - Netskope Knowledge Portal

Using the REST API v2 dataexport Iterator Endpoints - Netskope Knowledge Portal

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal

netskopesdk · PyPI

Netskope Rest APIv2(OAS 3.1) - Postman Collection

The statement that is true in this scenario is: Certificate-related settings apply to each individual steering configuration level. Certificate-related settings are the options that allow you to configure how Netskope handles SSL/TLS certificates for encrypted web traffic. For example, you can choose whether to allow or block self-signed certificates, expired certificates, revoked certificates, etc. You can also choose whether to enable SSL decryption for specific domains or categories. Certificate-related settings apply to each individual steering configuration level, which means that you can have different settings for different types of traffic or devices. For example, you can have one steering configuration for managed devices and another one for unmanaged devices, and apply different certificate-related settings for each one. This allows you to customize your security policies based on your needs and preferences. References: Netskope SSL DecryptionNetskope Steering Configuration

To mitigate malicious scripts from being downloaded into your corporate devices every time a user goes to a website, you need to use Netskope’s threat protection features to block or isolate potentially harmful web traffic. Two actions that would help you accomplish this task while allowing the user to work are: block malware detected on download activity for all remaining categories and block known bad websites and enable RBI to uncategorized domains. The first action will prevent any files that contain malware from being downloaded to your devices from any website category, except those that are explicitly allowed or excluded by your policies. The second action will prevent any websites that are classified as malicious or phishing by Netskope from being accessed by your users and enable Remote Browser Isolation (RBI) to uncategorized domains, which are domains that have not been assigned a category by Netskope. RBI is a feature that allows users to browse websites in a virtual browser hosted in the cloud, without exposing their devices to any scripts or content from the website. Allowing the user to browse uncategorized domains but restrict edit activities or allowing a limited amount of domains and block everything else are not effective actions, as they may either limit the user’s productivity or expose them to unknown risks. References: [Netskope Threat Protection], [Netskope Remote Browser Isolation].

When adding a new tenant administrator in the Admins page, you can enhance the security for the new account by enabling Multi-Factor Authentication (MFA). MFA adds an extra layer of security by requiring the administrator to provide a second form of verification in addition to the password, thus protecting against unauthorized access.

References:

Netskope documentation on user and admin account management, including the configuration and benefits of enabling MFA.

Security best practices guides from Netskope, emphasizing the importance of MFA for enhanced account security.

 NewEdge Traffic Management:

NewEdge is Netskope's high-performance global network designed to deliver fast and secure access to the internet and cloud applications.

NewEdge Traffic Management ensures efficient routing and traffic steering for optimal performance and security.

 Client Integration:

The Netskope Client uses NewEdge Traffic Management to steer traffic securely to the Netskope cloud.

It ensures that user traffic is routed through the best possible path for performance and security.

The Client component is responsible for redirecting user traffic to the NewEdge network, applying security policies, and ensuring secure access.

 References:

For detailed information on NewEdge Traffic Management and how the Netskope Client utilizes it, refer to the Netskope documentation on traffic management and client configuration​​​​.

If a customer wants to detect misconfigurations in their AWS cloud instances, the Netskope feature that I would recommend to them is Netskope Cloud Security Posture Management (CSPM). Netskope CSPM is a service that provides continuous assessment and remediation of public cloud deployments for risks, threats, and compliance issues. Netskope CSPM leverages the APIs available from AWS and other cloud service providers to scan the cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted data, etc. Netskope CSPM also provides security posture policies, profiles, and rules that can be customized to match the customer’s security standards and best practices. Netskope CSPM can also alert, report, or remediate the misconfigurations automatically or manually. References: Netskope CSPMCloud Security Posture Management

When accessing an encrypted website (HTTPS), a "certificate not trusted" message in the browser usually occurs because the certificate presented by the website is not issued by a trusted Certificate Authority (CA). A common scenario for this is when a self-signed certificate is installed on the server. Self-signed certificates are not signed by a CA that is recognized by the browser, so the browser cannot verify the authenticity of the certificate, leading to the "certificate not trusted" message.

References:

"If the SSL certificate is self-signed, the browser will not trust the certificate because it has not been issued by a trusted CA."​​​​.

Steering Configuration page under Settings (A):The Steering Configuration page under Settings is used to configure and manage the steering policies, including IPsec and GRE tunnels. This section provides the necessary tools to configure the network traffic routing and ensures that the configurations are set according to the organization's requirements.

IPsec Site and GRE Site pages under Settings (D):These specific pages under the Settings section allow administrators to monitor and manage the status of IPsec and GRE tunnels. They provide detailed information about the tunnel configurations, status, and other metrics that are essential for maintaining the health and performance of the network connections.

These details are confirmed based on the features and configurations available within the Netskope Admin UI settings, as documented in the Netskope Knowledge Portal.

The portion of the interface shown in the exhibit that allows an administrator to set severity, assign ownership, track progress, and perform forensic analysis with excerpts of violating content is Incidents -> DLP. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such as DLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. You can also assign an owner to an incident, change its status and severity, add notes or comments, and view the excerpts of the violating content that triggered the DLP policy. References: Netskope Incidents Dashboard

In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users’ web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application. To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes. Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility. References: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 4: Decryption Policy.