Q: 2
You are using Skope IT to analyze and correlate a security incident. You are seeing too many events
generated by API policies. You want to filter for logs generated by the Netskope client only.
Options
Discussion
Probably A for this one, since selecting access_method and choosing Client narrows results to just agent-generated events. I saw a similar question in practice and "Client" was the right pick for cutting out API traffic. Open to pushback if I'm missing something here.
Saw a pretty similar problem in my exam in some exam reports, it's A
Maybe D, since neq Client sounds like it would leave client-only logs.
A
Not B, A makes more sense for filtering Netskope client logs. Tunnel (B) is a trap since that grabs VPN/GRE/IPsec stuff, not the agent events. Using access_method "Client" narrows it down right to what the question asks. Pretty sure that's what Skope IT expects here, unless their wording is weird.
B vs A here. Tunnel always looks tempting for endpoint sources, but in Skope IT filtering, Client specifically isolates agent logs and ignores API event noise. I think A is right for just client logs, unless the question switched gears to all endpoint/mixed tunnel data.
A, since filtering by access_method and picking Client will zero in on just the Netskope client logs. Pretty standard use case if you want to cut API noise. Correct me if I missed something.
Pretty sure it's A, use access_method filter and pick Client to get only Netskope client logs. That's the expected behavior here.
A using access_method filter and picking Client gives you just the Netskope client logs. That's what you'd do to filter out noise from API policy events. Pretty sure that's how the UI works, but correct if I'm off.
D imo, using neq Client looks like it would exclude the client logs but still keep everything else. I used to mix that up because neq isn't a positive filter. Anyone else tried this in actual Skope IT?