Netskope Exam NSK101 Topic 1 Question 12 Discussion

Actual exam question for Netskope's NSK101 exam

Question #: 12
Topic #: 1

You have applied a DLP Profile to block all Personally Identifiable Information data uploads to Microsoft 365 OneDrive. DLP Alerts are not displayed and no OneDrive-related activities are displayed in the Skope IT App Events table.

In this scenario, what are two possible reasons for this issue? (Choose two.)

AThe Cloud Storage category is in the Steering Configuration as an exception.

BThe destination domain is excluded from decryption in the decryption policy.

CA Netskope POP is not in your local country and therefore DLP policies cannot be applied.

DDLP policies do not apply when using IPsec as a steering option.

Show Suggested Answer

Suggested Answer: C, D, E

The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network. According to NIST, these service models have the following definitions:

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Software as a Service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

by Albina at Jun 01, 2024, 06:05 AM

Limited Time Offer

25%

Off

Get Premium NSK101 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Selma

20 days ago

I'm just gonna go with B and C. Excluding the destination domain from decryption and having the Netskope POP outside the local country both sound like they could cause this problem. I'm not even gonna try the IPsec option, that's just asking for trouble!

upvoted 0 times

...

I agree, if the destination domain is excluded from decryption, DLP policies won't work.

upvoted 0 times

...

Elden

2 months ago

I think option A could be a reason because the Cloud Storage category might be exempted.

upvoted 0 times

...