Netskope Certified Cloud Security Expert (NCCSE) — Question 27

You have an NG-SWG customer that currently steers all Web traffic to Netskope using the Netskope Client. They have identified one new native application on Windows devices that is a certificate-pinned application. Users are not able to access the application due to certificate pinning. The customer wants to configure the Netskope Client so that the traffic from the application is steered to Netskope and the application works as expected.
Which two methods would satisfy the requirements? (Choose two.)

Answer options

• A. Bypass traffic using the bypass action in the Real-time Protection policy.
• B. Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application.
• C. Configure domain exceptions in the steering configuration for the domains used by the native application.
• D. Tunnel traffic to Netskope and bypass traffic inspection at the Netskope proxy.

Correct answer: B, C

Explanation

The correct answers, B and C, provide methods to ensure that the traffic from the certificate-pinned application is either not decrypted or explicitly allowed, thus preventing the access issues. Option A is incorrect because it does not specifically address the needs of the certificate-pinned application, and option D fails to meet the requirement of steering the traffic appropriately.