New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Netskope NSK200 Exam - Topic 5 Question 38 Discussion

Actual exam question for Netskope's NSK200 exam
Question #: 38
Topic #: 5
[All NSK200 Questions]

Your customer currently only allows users to access the corporate instance of OneDrive using SSO with the Netskope client. The users are not permitted to take their laptops when vacationing, but sometimes they must have access to documents on OneDrive when there is an urgent request. The customer wants to allow employees to remotely access OneDrive from unmanaged devices while enforcing DLP controls to prohibit downloading sensitive files to unmanaged devices.

Which steering method would satisfy the requirements for this scenario?

Show Suggested Answer Hide Answer
Suggested Answer: B, C

There are two possible scenarios that would cause the behavior of files containing test data for credit cards not triggering DLP events when uploaded to Dropbox. One scenario is that the DLP rule has the severity threshold set to a value higher than the number of occurrences. This means that the rule will only trigger an event if the number of matches for the sensitive data exceeds the specified threshold. For example, if the rule has a severity threshold of 10 and the file contains only 5 credit card numbers, then no event will be generated. To fix this, you can lower the severity threshold or remove it altogether. The other scenario is that the credit card numbers in your test data are invalid 16-digit numbers. This means that the numbers do not pass the Luhn algorithm check, which is a validation method used by Netskope DLP to detect valid credit card numbers. For example, if the number is 1234-5678-9012-3456, then it is not a valid credit card number and will not be detected by Netskope DLP. To fix this, you can use valid test credit card numbers that pass the Luhn algorithm check. The other options are not valid scenarios for this behavior. The Netskope client is not steering Dropbox traffic is not a valid scenario because there are corresponding page events, which means that the traffic is being steered to Netskope.There is no API protection configured for Dropbox is not a valid scenario because API protection is not required for DLP detection on file uploads, which are handled by real-time protection.Reference:DLP Rule Settings1,Credit Card Number Detection2


by Eric at Mar 18, 2025, 08:22 AM

Limited Time Offer

25%

Off

Get Premium NSK200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maurine
2 months ago
Wait, can unmanaged devices really be secure enough for this?
upvoted 0 times
...
Rosalind
2 months ago
Forward proxy might not enforce DLP effectively.
upvoted 0 times
...
Goldie
2 months ago
I think proxy chaining could complicate things too much.
upvoted 0 times
...
Katina
3 months ago
A reverse proxy with SSO sounds solid for access control.
upvoted 0 times
...
Carry
3 months ago
Definitely need to ensure DLP is tight if using any remote access!
upvoted 0 times
...
Stevie
3 months ago
I think the secure forwarder option could work, but I’m not clear on how it integrates with SSO and DLP controls.
upvoted 0 times
...
Penney
3 months ago
I have a vague recollection that forward proxies can help with SSO, but I’m uncertain if they can handle DLP for unmanaged devices.
upvoted 0 times
...
Johnathon
4 months ago
This question feels similar to one we practiced about accessing cloud services securely. I think proxy chaining might be the right choice here.
upvoted 0 times
...
Katina
4 months ago
I remember we discussed reverse proxies in class, but I'm not entirely sure if they can enforce DLP controls effectively.
upvoted 0 times
...
Jacki
4 months ago
I'm not sure about the proxy chaining option. It sounds like it might be overkill for this scenario. I'll focus on the reverse proxy and forward proxy approaches.
upvoted 0 times
...
Darell
4 months ago
I'm feeling pretty confident about this one. The reverse proxy integrated with SSO seems like the most straightforward way to meet the requirements.
upvoted 0 times
...
Tom
4 months ago
Okay, I think I've got this. The key is to find a solution that allows remote access while still enforcing DLP controls. I'm leaning towards the reverse proxy option.
upvoted 0 times
...
Goldie
5 months ago
Hmm, I'm a bit confused by the different proxy options. I'll need to review the details of each to determine which one best fits the scenario.
upvoted 0 times
...
Tiffiny
5 months ago
This seems like a tricky one. I'll need to think through the requirements carefully to figure out the best approach.
upvoted 0 times
...
Simona
9 months ago
I'm just impressed they're even considering remote access. Back in my day, we had to hike 10 miles through the snow to get to the nearest OneDrive kiosk!
upvoted 0 times
...
Irene
10 months ago
Wait, are we talking about a corporate OneDrive or a personal one? Because if it's personal, I'm just gonna sneak in a copy of the files on a USB drive. No one will ever know!
upvoted 0 times
Dacia
9 months ago
B) Use proxy chaining with their cloud service providers integrated with their SSO.
upvoted 0 times
...
Talia
9 months ago
C) Use a forward proxy integrated with their SSO.
upvoted 0 times
...
Mattie
9 months ago
A) Use a reverse proxy integrated with their SSO.
upvoted 0 times
...
...
Devon
10 months ago
Ooh, a secure forwarder integrated with an on-premises proxy? That sounds like a pretty robust solution. I'll have to give that one some more thought.
upvoted 0 times
Refugia
8 months ago
C) Use a forward proxy integrated with their SSO.
upvoted 0 times
...
Leonor
9 months ago
B) Use proxy chaining with their cloud service providers integrated with their SSO.
upvoted 0 times
...
Carylon
9 months ago
A) Use a reverse proxy integrated with their SSO.
upvoted 0 times
...
...
Omega
10 months ago
Hmm, I'm not sure. Option B with proxy chaining might be a bit overkill for this scenario. I'd probably go with the simpler solution of a reverse proxy.
upvoted 0 times
Elenore
8 months ago
I think a reverse proxy would be the most straightforward solution for this scenario.
upvoted 0 times
...
Elmira
9 months ago
Yeah, a reverse proxy would probably be easier to implement and still meet the requirements.
upvoted 0 times
...
Nikita
9 months ago
I agree, option B does seem like overkill. A reverse proxy might be the way to go.
upvoted 0 times
...
...
Genevieve
10 months ago
I think option C is the way to go. Using a forward proxy integrated with their SSO will allow remote access while still enforcing DLP controls.
upvoted 0 times
Elza
8 months ago
Option C is definitely the way to go to meet the customer's requirements.
upvoted 0 times
...
Serina
8 months ago
It makes sense to use a forward proxy to enforce DLP controls while allowing remote access.
upvoted 0 times
...
Wilbert
9 months ago
I think using a forward proxy integrated with their SSO is the most secure option.
upvoted 0 times
...
Raul
10 months ago
I agree, option C seems like the best choice for this scenario.
upvoted 0 times
...
...
Phil
10 months ago
I'm not sure, but I think option C) using a forward proxy integrated with their SSO could also work.
upvoted 0 times
...
Tresa
11 months ago
I agree with Janae. A reverse proxy would allow remote access while enforcing DLP controls.
upvoted 0 times
...
Janae
11 months ago
I think option A) using a reverse proxy integrated with their SSO would work best.
upvoted 0 times
...

Save Cancel