Netskope Certified Cloud Security Expert (NCCSE) — Question 20

You built a number of DLP profiles for different sensitive data types. If a file contains any of this sensitive data, you want to take the most restrictive policy action but also create incident details for all matching profiles.
Which statement is correct in this scenario?

Answer options

• A. Create a Real-time Protection policy for each DLP profile: each matched profile will generate a unique DLP incident.
• B. Create a Real-time Protection policy for each DLP profile: all matched profiles will show up in a single DLP incident.
• C. Create a single Real-time Protection policy and include all of the DLP profiles; each matched profile will generate a unique DLP incident.
• D. Create a single Real-time Protection policy and include all of the DLP profiles; all matched profiles will show up in a single DLP incident.

Correct answer: D

Explanation

The correct answer is D because creating a single Real-time Protection policy that includes all DLP profiles allows for streamlined incident reporting, with all matched profiles logged in one incident. Options A and C incorrectly suggest that each matched profile generates a unique incident, which does not align with the goal of consolidating incident details. Option B, while close, does not specify that the most restrictive policy action is enforced.