Q: 13
You are currently migrating users away from a legacy proxy to the Netskope client in the company’s corporate offices. You have deployed the client to a pilot group; however, when the client attempts to connect to Netskope, it fails to establish a tunnel.
In this scenario, what would cause this problem?
Options
Discussion
Makes sense to pick B, since UDP 443 is needed for the DTLS tunnel with Netskope. If the firewall blocks it, no tunnel forms at all. Pretty sure that's the main reason, unless TCP fallback's in use.
Option B for this one. UDP 443 is required for the initial DTLS tunnel, and if that’s blocked, the client can’t even negotiate a fallback unless TCP fallback is enabled (which isn’t mentioned here). Pretty sure C would only matter if all access to EPoT was denied, not just DTLS. Open to arguments if anyone sees it differently.
Pretty sure it's B, since UDP 443 needs to be open for the DTLS tunnel and that's usually blocked by firewalls in corporate environments. Nothing else here would fully prevent the client from connecting at this stage. Agree?
I think it's B. Blocking UDP 443 stops the DTLS tunnel so Netskope can't connect at all.
B, not C. Saw a similar question in an exam report and blocking UDP 443 breaks the DTLS tunnel every time, no tunnel forms without it.
C/D? If TCP fallback is disabled on the pilot config, C starts to make more sense. Otherwise B.
B makes the most sense here. If the firewall is blocking UDP 443, Netskope's DTLS tunnel won't even get off the ground. No mention of TCP fallback, so C isn't it. Pretty sure that's what breaks the pilot group, unless I'm missing something.
B tbh. Official guides plus lab testing around firewalls and protocol handling helped me spot UDP 443 as the showstopper here.
Sounds like B here. Blocking UDP 443 stops DTLS entirely, so the tunnel won't come up if fallback isn't allowed on the client. Pretty sure that's what they're asking for, but I get why some folks think C too depending on config. Agree?
C, had something like this in a mock where blocking EPoT caused tunnel fail.