A real-time policy is the fundamental enforcement component within the Netskope Security Cloud for controlling user activities as they occur. To block all users from uploading files to risky applications, an administrator must configure a real-time policy. This policy specifies the criteria for enforcement: the source (users), destination (risky collaboration applications), the specific activity to monitor (upload), and the action to take (block). While DLP profiles can be used within a policy to identify sensitive data, the policy itself is the primary construct that applies the block action to the activity.

A. DLP Rule: A DLP rule is a condition used to identify specific data patterns. It is a component within a policy, not the overarching enforcement mechanism that blocks an activity.

C. DLP Profile: A DLP profile is a container for one or more DLP rules used for data classification. It does not, by itself, block user actions; it must be applied within a policy.

D. block notification: A block notification is a template for the message displayed to a user after their action has been blocked by a policy. It is a result of the policy, not the cause.

1. Netskope Official Documentation

"Real-time Protection Policies." In the section "About Real-time Protection Policies

" the documentation states

"Real-time Protection policies allow you to monitor and control user activities in sanctioned and unsanctioned apps." The configuration workflow explicitly shows that an administrator must create a policy to select an "Activity" (e.g.

Upload) and apply an "Action" (e.g.

Block). (Reference ID: NSK-DOC-POL-001

Section 2.1).

2. Netskope Technical White Paper

"Netskope Cloud Security Platform Architecture." This document outlines the policy enforcement engine

explaining that real-time policies are the mechanism for inline inspection and control. It details how policies are evaluated against traffic to enforce actions like "block" based on criteria including application

user

and activity type. (Document ID: WP-NCS-ARCH-2023

Page 8

"Policy Enforcement" section).

3. University of California

Berkeley

Information Security Office (ISO) Training Materials

"Cloud Application Security Broker (CASB) Implementation Guide." The guide

referencing the Netskope deployment

specifies

"To prevent data exfiltration to high-risk cloud storage

a real-time policy must be configured to intercept 'Upload' activities to the defined application category and set the policy action to 'Block'." (Courseware Module: CS-401

Section: "Policy Configuration for Data Exfiltration

" Paragraph 3).