Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Netskope Exam NSK200 Topic 3 Question 30 Discussion

Actual exam question for Netskope's NSK200 exam
Question #: 30
Topic #: 3
[All NSK200 Questions]

You are given an MD5 hash of a file suspected to be malware by your security incident response team. They ask you to offer insight into who has encountered this file and from where was the threat initiated. In which two Skope IT events tables would you search to find the answers to these questions? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, C

To find the answers to the questions posed by the security incident response team, you need to search in the Application Events and Alerts tables in Skope IT. The Application Events table shows the details of the cloud application activities performed by the users, such as upload, download, share, etc.You can filter the Application Events table by the MD5 hash of the file to find out who has encountered this file and from which cloud service it was downloaded1. The Alerts table shows the details of the policy violations triggered by the users, such as DLP, threat protection, anomaly detection, etc.You can filter the Alerts table by the MD5 hash of the file to find out if this file was detected as malware by Netskope and what action was taken2. Therefore, options A and C are correct and the other options are incorrect.Reference:Application Events - Netskope Knowledge Portal,Alerts - Netskope Knowledge Portal


by Yan at Sep 13, 2024, 12:58 PM

Limited Time Offer

25%

Off

Get Premium NSK200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Felicidad
2 months ago
This is a classic security incident response scenario. Good thing they didn't ask us to actually analyze the MD5 hash - that would be way above my pay grade!
upvoted 0 times
Jacquelyne
1 months ago
B) Network Events
upvoted 0 times
...
Malissa
1 months ago
B) Network Events
upvoted 0 times
...
Carmen
1 months ago
A) Application Events
upvoted 0 times
...
Paris
2 months ago
A) Application Events
upvoted 0 times
...
...
Aaron
2 months ago
Haha, I bet the security team wishes they could just search the 'Catch All the Bad Guys' table! But in reality, Alerts and Network Events are the way to go.
upvoted 0 times
Iluminada
2 months ago
B) Network Events
upvoted 0 times
...
Ezekiel
2 months ago
A) Application Events
upvoted 0 times
...
...
Latonia
2 months ago
I would also consider looking in Application Events table for more insights.
upvoted 0 times
...
Keena
3 months ago
I agree with Gilma, those tables would have the information we need.
upvoted 0 times
...
Chauncey
3 months ago
Hmm, I was thinking D) Page Events might also be relevant since the malware could have been downloaded from a web page. But I guess the Alerts and Network Events tables make more sense.
upvoted 0 times
India
2 months ago
B) Network Events
upvoted 0 times
...
Page
2 months ago
A) Application Events
upvoted 0 times
...
...
Shanda
3 months ago
The correct answer is definitely C) Alerts and B) Network Events. Those are the tables that would contain information about suspicious activity and network traffic related to the suspected malware file.
upvoted 0 times
Melynda
2 months ago
After that, we can move on to Network Events to track the source of the threat.
upvoted 0 times
...
Hubert
2 months ago
Let's start by analyzing the data in Alerts first.
upvoted 0 times
...
Beckie
2 months ago
Agreed, we should also look into Network Events for information on where the threat originated.
upvoted 0 times
...
Ruby
3 months ago
I think we should check Alerts for any suspicious activity.
upvoted 0 times
...
...
Gilma
3 months ago
I think I would search in Network Events and Alerts tables.
upvoted 0 times
...

Save Cancel