New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Netskope NSK101 Exam - Topic 4 Question 3 Discussion

Actual exam question for Netskope's NSK101 exam
Question #: 3
Topic #: 4
[All NSK101 Questions]

You are working with traffic from applications with pinned certificates. In this scenario, which statement is correct?

Show Suggested Answer Hide Answer
Suggested Answer: A

When working with traffic from applications with pinned certificates, you should add an exception to the steering configuration to bypass them. Pinned certificates are a security technique that prevents man-in-the-middle attacks by validating the server certificates against a hardcoded list of certificates in the application. If you try to intercept or inspect the traffic from such applications, they will reject the connection or display an error message. Therefore, you should add the domains used by certificate-pinned applications as exceptions in your steering configuration, so that they are not steered to Netskope for analysis and enforcement.Reference:Certificate Pinned ApplicationsCreating a Steering Configuration


by Marvel at Mar 18, 2024, 02:32 PM

Limited Time Offer

25%

Off

Get Premium NSK101 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Timothy
3 months ago
D seems logical too, but B feels safer.
upvoted 0 times
...
Tonja
3 months ago
Isn't it risky to add exceptions?
upvoted 0 times
...
Chau
3 months ago
Wait, why would we block traffic with pinned certs? Sounds off.
upvoted 0 times
...
Effie
4 months ago
Definitely agree with that!
upvoted 0 times
...
Jaclyn
4 months ago
I think option B is the right choice.
upvoted 0 times
...
Gabriele
4 months ago
I recall that allowing domains in an inline policy is important for certain applications, so option D could be the correct answer here.
upvoted 0 times
...
Earleen
4 months ago
I’m a bit confused about whether we should block traffic with pinned certificates or allow it. I think blocking might be too strict?
upvoted 0 times
...
Paris
4 months ago
I feel like I saw a similar question about authentication bypass lists in practice exams. Maybe option B is the right choice?
upvoted 0 times
...
Benedict
5 months ago
I think I remember that pinned certificates require special handling, but I'm not sure if that means we need to add them to an exception list or something else.
upvoted 0 times
...
Casie
5 months ago
I'm leaning towards D. Allowing the domains used by the pinned certificate apps in an inline policy could be the right solution, but I'm not 100% confident.
upvoted 0 times
...
Laurene
5 months ago
Option A seems like the way to go here. Adding an exception to the steering configuration is the best approach for dealing with pinned certificate traffic.
upvoted 0 times
...
Celestina
5 months ago
Hmm, I'm not sure about this one. I'll need to think it through carefully. Maybe I should review the material on handling pinned certificates again.
upvoted 0 times
...
Rosina
5 months ago
I think the correct answer is B. The domains used by certificate-pinned applications should be added to the authentication bypass list to allow that traffic to pass through.
upvoted 0 times
...
Florinda
5 months ago
Got it, that makes sense. I'm feeling more confident now. I'll double-check my work, but I believe the correct answer is B) $120,000.
upvoted 0 times
...
Tegan
5 months ago
Hmm, I'm not entirely sure about this one. I think I'll try a combination of options C and D to be safe.
upvoted 0 times
...
Delisa
5 months ago
I feel like this question is similar to one we practiced in class, but the numbers are different. I hope I remember how to calculate the total gross income correctly.
upvoted 0 times
...
Jonelle
5 months ago
This looks like a straightforward question about Cisco's product lines. I should be able to answer this based on my knowledge of Cisco's networking solutions.
upvoted 0 times
...
Noah
2 years ago
Candidate 2: That makes sense, it's important to ensure traffic from these applications is not blocked.
upvoted 0 times
...
Chanel
2 years ago
Candidate 3: We should allow domains used by applications with pinned certificates in an inline policy.
upvoted 0 times
...
Isadora
2 years ago
Candidate 3: I disagree, I think the answer is D.
upvoted 0 times
...
Martin
2 years ago
Candidate 1: Because we need to bypass authentication for domains used by certificate-pinned applications.
upvoted 0 times
...
Rose
2 years ago
Candidate 2: Why do you think that?
upvoted 0 times
...
Slyvia
2 years ago
Candidate 1: I think the correct answer is B.
upvoted 0 times
...
Hildred
2 years ago
You know, this reminds me of the time I had to deal with a legacy application that used a hardcoded SSL certificate. Talk about a nightmare! I ended up just throwing the whole thing in the trash and starting over. But I digress, I think the best solution here is to add an exception to the steering config.
upvoted 0 times
...
Jeniffer
2 years ago
Blocking the traffic with pinned certificates is just going to cause a lot of headaches for the end users. Why not just allow the domains in an inline policy? That way, we can still inspect the traffic and maintain control without disrupting the applications.
upvoted 0 times
...
Roxanne
2 years ago
I disagree. I think the best approach is to add the domains used by the certificate-pinned applications to the authentication bypass list. That way, we don't have to worry about the pinned certificates at all, and the traffic can flow freely.
upvoted 0 times
...
Santos
2 years ago
This is a tricky one. The correct answer really depends on how the organization wants to handle certificate-pinned traffic. Personally, I think adding an exception to the steering configuration makes the most sense, as it allows the traffic to flow while still maintaining security controls.
upvoted 0 times
Jerry
2 years ago
C) Traffic with pinned certificates should be blocked.
upvoted 0 times
...
Brittni
2 years ago
Allowing the domains in an inline policy could be another valid option.
upvoted 0 times
...
Vi
2 years ago
D) The domains used by applications with pinned certificates should be allowed in an inline policy.
upvoted 0 times
...
Marjory
2 years ago
Adding an exception to the steering configuration could also work, as long as it doesn't compromise security.
upvoted 0 times
...
Johnna
2 years ago
A) An exception should be added to the steering configuration.
upvoted 0 times
...
Madonna
2 years ago
I agree, adding them to the authentication bypass list seems like a practical approach.
upvoted 0 times
...
Karma
2 years ago
B) The domains used by certificate-pinned applications should be added to the authentication bypass list.
upvoted 0 times
...
...

Save Cancel