Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Netskope Exam NSK101 Topic 4 Question 3 Discussion

Actual exam question for Netskope's NSK101 exam
Question #: 3
Topic #: 4
[All NSK101 Questions]

You are working with traffic from applications with pinned certificates. In this scenario, which statement is correct?

Show Suggested Answer Hide Answer
Suggested Answer: A

When working with traffic from applications with pinned certificates, you should add an exception to the steering configuration to bypass them. Pinned certificates are a security technique that prevents man-in-the-middle attacks by validating the server certificates against a hardcoded list of certificates in the application. If you try to intercept or inspect the traffic from such applications, they will reject the connection or display an error message. Therefore, you should add the domains used by certificate-pinned applications as exceptions in your steering configuration, so that they are not steered to Netskope for analysis and enforcement.Reference:Certificate Pinned ApplicationsCreating a Steering Configuration


by Marvel at Mar 18, 2024, 02:32 PM

Limited Time Offer

25%

Off

Get Premium NSK101 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Slyvia
11 days ago
Candidate 1: I think the correct answer is B.
upvoted 0 times
...
Hildred
1 months ago
You know, this reminds me of the time I had to deal with a legacy application that used a hardcoded SSL certificate. Talk about a nightmare! I ended up just throwing the whole thing in the trash and starting over. But I digress, I think the best solution here is to add an exception to the steering config.
upvoted 0 times
...
Jeniffer
1 months ago
Blocking the traffic with pinned certificates is just going to cause a lot of headaches for the end users. Why not just allow the domains in an inline policy? That way, we can still inspect the traffic and maintain control without disrupting the applications.
upvoted 0 times
...
Roxanne
1 months ago
I disagree. I think the best approach is to add the domains used by the certificate-pinned applications to the authentication bypass list. That way, we don't have to worry about the pinned certificates at all, and the traffic can flow freely.
upvoted 0 times
...
Santos
1 months ago
This is a tricky one. The correct answer really depends on how the organization wants to handle certificate-pinned traffic. Personally, I think adding an exception to the steering configuration makes the most sense, as it allows the traffic to flow while still maintaining security controls.
upvoted 0 times
Jerry
15 days ago
C) Traffic with pinned certificates should be blocked.
upvoted 0 times
...
Brittni
16 days ago
Allowing the domains in an inline policy could be another valid option.
upvoted 0 times
...
Vi
17 days ago
D) The domains used by applications with pinned certificates should be allowed in an inline policy.
upvoted 0 times
...
Marjory
18 days ago
Adding an exception to the steering configuration could also work, as long as it doesn't compromise security.
upvoted 0 times
...
Johnna
19 days ago
A) An exception should be added to the steering configuration.
upvoted 0 times
...
Madonna
20 days ago
I agree, adding them to the authentication bypass list seems like a practical approach.
upvoted 0 times
...
Karma
21 days ago
B) The domains used by certificate-pinned applications should be added to the authentication bypass list.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77