Netskope Exam NSK300 Topic 1 Question 17 Discussion

Actual exam question for Netskope's NSK300 exam

Question #: 17
Topic #: 1

Users in your network are attempting to reach a website that has a self-signed certificate using a GRE tunnel to Netskope. They are currently being blocked by Netskope with an SSL error. How would you allow this traffic?

AConfigure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

BConfigure a Real-time Protection policy with the action set to Allow.

CSet the No SNI setting in Netskope to Bypass.

DEnsure that the users add the self-signed certificate to their local certificate store.

Show Suggested Answer

Suggested Answer: A

To allow traffic from a website with a self-signed certificate that is being blocked by Netskope with an SSL error, the correct action is to configure a Do Not Decrypt SSL Decryption rule. This rule will allow the traffic to pass without being decrypted, thus bypassing the SSL error caused by the self-signed certificate. This is a common practice for handling traffic from trusted internal applications or specific external sites that use self-signed certificates1.

by Hector at Sep 13, 2024, 03:00 PM

Limited Time Offer

25%

Off

Get Premium NSK300 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jeanice

2 months ago

Wait, there's a GRE tunnel involved? This is getting more complicated than a bowl of spaghetti. I'll go with D, just to be safe.

upvoted 0 times

Cristy

26 days ago

User 3: I agree, let's try that first before exploring other options.

upvoted 0 times

...

Raina

28 days ago

User 2: That sounds like a good idea. Let's go with that.

upvoted 0 times

...

Cherry

1 months ago

User 1: I think we need to configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

upvoted 0 times

...

William

2 months ago

Ah, the joys of SSL/TLS troubleshooting. I bet the IT team is just loving this one. Option D for the win!

upvoted 0 times

...

Roselle

2 months ago

Dude, just tell them to use the right certificate. What could possibly go wrong? LOL!

upvoted 0 times

Lindsay

1 months ago

C) Set the No SNI setting in Netskope to Bypass.

upvoted 0 times

...

Robt

2 months ago

B) Configure a Real-time Protection policy with the action set to Allow.

upvoted 0 times

...

Francis

2 months ago

A) Configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

upvoted 0 times

...

Stephen

2 months ago

I'm not sure, maybe we should also consider setting the No SNI setting in Netskope to Bypass.

upvoted 0 times

...

Elenor

2 months ago

Hmm, I'm not sure. Maybe B or C could work too. I'll have to think this through a bit more.

upvoted 0 times

Lucia

2 months ago

Let's go with A then, it should help resolve the SSL error.

upvoted 0 times

...

Albina

2 months ago

I agree, A seems like the most appropriate solution in this case.

upvoted 0 times

...

Portia

2 months ago

I think A is the best option to allow the traffic.

upvoted 0 times

...

Walton

3 months ago

I agree with Paola, that sounds like the best option to allow the traffic.

upvoted 0 times

...

Paola

3 months ago

I think we should configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

upvoted 0 times

...

Eugene

3 months ago

I think the answer is D. Adding the self-signed certificate to the local store is the way to go. Easy peasy!

upvoted 0 times

Valentin

2 months ago

D) Ensure that the users add the self-signed certificate to their local certificate store.

upvoted 0 times

...

Kasandra

3 months ago

A) Configure a Do Not Decrypt SSL Decryption rule to allow traffic to pass.

upvoted 0 times

...