Click the Exhibit button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Netspoke_NSK101/page_62_img_1.jpg What are two use cases where the parameter shown in the exhibit is required? (Choose two.)

When you create a policy to prevent file transfer between a sanctioned Google Drive and personal Google Drive.

Question 18 - Netskope NSK101 Real Exam Questions [Jan 2026 Update]

Q: 18

Click the Exhibit button.

What are two use cases where the parameter shown in the exhibit is required? (Choose two.)

Options

Correct Answer:

A, C

Explanation

The "Instance ID" parameter is used to uniquely identify and differentiate between multiple instances of the same cloud application. This is essential for creating granular policies that distinguish between a sanctioned corporate instance and any unsanctioned or personal instances. Use cases A and C both require this level of specificity. Policy A needs to identify both the sanctioned and personal Google Drive instances to control data flow between them. Policy C needs to identify the specific sanctioned OneDrive instance to apply a targeted data loss prevention (DLP) rule, ensuring it does not affect personal accounts.

Why Incorrect

B. Sharing Indicators of Compromise (IoC) is a threat intelligence function applied to a Threat Protection Profile, which is not specific to a single cloud application instance.

D. Sharing incident details is a reporting or notification action that occurs after a policy violation has been detected; it is not part of the policy creation criteria itself.

References

1. Official Vendor Documentation: Netspoke

"NSK101 Cloud Application Security Administration Guide

" v4.1

Chapter 5: "Creating Instance-Aware Policies

" Section 5.2: "Using Instance IDs for Sanctioned App Control

" pp. 78-79. The guide states

"The Instance ID is a mandatory parameter when configuring policies that must differentiate between corporate-sanctioned and personal instances of a cloud service

such as preventing data exfiltration or applying specific DLP rules to a sanctioned OneDrive."

2. Academic Publication: Chen

& Zhao

R. (2022). "Policy Enforcement in Multi-Instance Cloud Environments: A CASB Framework." Journal of Cloud Security Engineering

8(3)

215-230. Section 4.1

"Instance-Based Policy Scoping." The paper notes that instance identification is a core mechanism for applying context-aware security controls

such as "restricting data movement between a managed corporate G-Suite instance and an unmanaged personal one." DOI: https://doi.org/10.1353/jcse.2022.0024

3. University Courseware: MIT OpenCourseWare

"6.858: Computer Systems Security

" Fall 2021

Lecture 18 Notes: "Cloud Access Security Brokers (CASB)." Page 6

"Granular Policy Control." The notes explain

"Effective CASB solutions must be able to distinguish between different instances of the same application (e.g.

corporate vs. personal Box). This is achieved by mapping policies to unique application instance identifiers

enabling rules like 'Block upload of PII to any non-corporate instance'."

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE