Netskope Certified Cloud Security Expert (NCCSE) — Question 13

A company has deployed Explicit Proxy over Tunnel (EPoT) for their VDI users. They have configured Forward Proxy authentication using Okta Universal Directory. They have also configured a number of Real-time Protection policies that block access to different Web categories for different AD groups so, for example, marketing users are blocked from accessing gambling sites. During User Acceptance Testing, they see inconsistent results where sometimes marketing users are able to access gambling sites and sometimes they are blocked as expected. They are seeing this inconsistency based on who logs into the VDI server first.
What is causing this behavior?

Answer options

• A. Forward Proxy is not configured to use the Cookie Surrogate.
• B. Forward Proxy is not configured to use the IP Surrogate.
• C. Forward Proxy authentication is configured but not enabled.
• D. Forward Proxy is configured to use the Cookie Surrogate.

Correct answer: B

Explanation

The issue arises because the Forward Proxy is not configured to use the IP Surrogate, which is necessary for consistent access control based on user identity. The other options either suggest incorrect configurations or misinterpretations of the authentication setup, which do not directly address the inconsistency observed.