A financial services company is implementing Netskope Private Access (NPA) to provide Zero Trust access to internal applications. They have a requirement that access to their core banking API, hosted in an AWS VPC, must be restricted to only corporate-issued devices that have the latest security patches. Which two components are essential to enforce this device posture-based access control? (Select TWO)
A security administrator at a global logistics company is analyzing traffic in Skope IT. They notice a significant number of 'Policy Block' events for the 'Upload' activity to the 'Personal Storage' app category, originating from the R&D department. The administrator needs to quickly understand the context of these blocks, including which specific files were blocked and which DLP profiles were triggered, to determine if this is a training issue or a malicious attempt at data exfiltration. What is the most efficient first step within Skope IT to gather this specific information?
A healthcare organization is deploying the Netskope client to all endpoints to enforce HIPAA compliance policies. They have a critical internal Electronic Health Record (EHR) application that is accessed via a web interface hosted at `ehr.clinic.internal`. This application's traffic must NOT be sent to the Netskope cloud for inspection due to performance sensitivity and the use of client-side certificates for authentication, which are incompatible with SSL inspection. How should the administrator configure traffic steering to meet this requirement?
True or False: The Netskope Cloud Confidence Index (CCI) score for a newly discovered cloud application is static and can only be updated by Netskope's research team.
A multinational corporation uses Netskope's Cloud Exchange (CE) to automate threat response. They have integrated Netskope with their SIEM and SOAR platforms. A security analyst needs to design a workflow that automatically blocks the hash of any file identified as malware by Netskope's Advanced Threat Protection (ATP) on their other security tools, such as endpoint detection and response (EDR) agents. Which Cloud Exchange module is specifically designed for this purpose?
A retail company is using Netskope to secure its use of Microsoft 365. The security team created a DLP policy to prevent files containing more than 10 unique PCI-DSS data identifiers from being shared externally from OneDrive. An employee attempts to share a sensitive customer data spreadsheet with an external partner via a OneDrive link and is blocked. The security team wants to verify that the block was due to the correct policy and not a misconfiguration. Which log source in the Netskope UI provides the most direct evidence of this DLP policy violation?
An administrator is setting up a new Netskope tenant. The company uses Okta as its Identity Provider (IdP) and wants to provision users and groups automatically into Netskope. Which standard protocol must be configured in both Okta and Netskope to enable this automated user provisioning?
A manufacturing company has deployed GRE tunnels from its branch offices to the Netskope NewEdge network for web security. Users in one specific branch office report slow performance when accessing both internal and external websites. A network administrator needs to determine if the latency is being introduced by the user's LAN, the WAN connection to Netskope, or within the NewEdge network itself. Which Netskope feature provides the most comprehensive, end-to-end visibility to diagnose this issue?
When configuring an inline, real-time policy in Netskope, what is the fundamental difference between the 'User' and 'Source User' criteria?
A university wants to allow students to use generative AI tools for research but needs to prevent them from uploading sensitive research data or personally identifiable information (PII) into these applications. Which combination of Netskope features is BEST suited to meet this requirement? (Select TWO)