NSK300 Questions Bank

When using Netskope’s API-enabled Protection for supported SaaS applications, the valid instance types are:

• API Data Protection (B): This type is used to connect to cloud apps using APIs to find sensitive content, enforce policy controls, and quarantine malware1.
• DLP Scan (D): This instance type involves scanning for data loss prevention, which is a key component of Netskope’s API Data Protection1.
• Quarantine (E): This instance type allows for the isolation of potentially harmful or sensitive data until it can be reviewed or remediated1.

Behavior Analytics © and Forensic (A) are not listed as instance types for API-enabled Protection in the provided resources.

References: The answers are based on the information available in the Netskope Knowledge Portal and the documentation for Classic API Data Protection

For devices not owned by the organization, using an explicit proxy along with the Netskope Client is the best approach to steer traffic for inspection. This method allows for granular control over the traffic, ensuring that only the traffic destined for the company’s instance of Microsoft 365 is inspected by Netskope. The explicit proxy configuration can be applied regardless of whether the users are on-premises or off-premises, providing a consistent steering mechanism for all users.

References: The steering configuration for non-owned devices and the use of explicit proxy in conjunction with the Netskope Client are detailed in the Netskope Knowledge Portal. The portal provides guidelines on how to set up steering configurations to direct traffic from end users to the Netskope Cloud for real-time analysis, which is applicable for both managed and unmanaged devices1

To ensure that the web application using HTTPS on port 6443 is both reachable and decrypted by Netskope, the correct action is toenable “Steer non-standard ports” in the steering configuration and add the domain and port as a new non-standard port. This is because Netskope’s default configuration steers standard HTTP/HTTPS traffic, typically on ports 80 and 443.Since port 6443 is a non-standard port for HTTPS traffic, it requires explicit configuration to be steered through Netskope1.

References: The process for configuring non-standard ports in Netskope is detailed in the Netskope Knowledge Portal, which provides step-by-step instructions on how to steer HTTP(S) traffic over non-standard ports1. This includes adding the specific non-standard port number in the steering configuration to ensure that traffic to and from that port is properly handled by Netskope.