Notifications
Clear all
Topic starter
03/11/2022 9:53 pm
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
- A . When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.
- B . The Cisco WSA responds with its own IP address only if it is running in explicit mode.
- C . The Cisco WSA is configured in a web browser only if it is running in transparent mode.
- D . The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
- E . The Cisco WSA responds with its own IP address only if it is running in transparent mode.
Suggested Answer: D,E
Explanation:
The Cisco Web Security Appliance (WSA) includes a web proxy, a threat analytics engine, antimalware engine, policy management, and reporting in a single physical or virtual appliance. The main use of the Cisco WSA is to protect users from accessing malicious websites and being infected by malware. You can deploy the Cisco WSA in two different modes:C Explicit forward modeC Transparent mode In explicit forward mode, the client is configured to explicitly use the proxy, subsequently sending all web traffic to the proxy. Because the client knows there is a proxy and sends all traffic to the proxy in explicit forward mode, the client does not perform a DNS lookup of the domain before requesting the URL. The Cisco WSA is responsible for DNS resolution, as well.
Reference: https://www.cisco.com/c/en/us/tech/content-networking/web-cache-communications-protocol-wccp/index.html->Therefore answer D is correct as redirection can be done on Layer 3 device only. In transparent mode, the client is unaware its traffic is being sent to a proxy (Cisco WSA) and, as a result, the client uses DNS to resolve the domain name in the URL and send the web request destined for the web server (not the proxy). When you configure the Cisco WSA in transparent mode, you need to identify a network choke point with a redirection device (a Cisco ASA) to redirect traffic to the proxy.
WSA in Transparent mode
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide-> Therefore in Transparent mode, WSA uses its own IP address to initiate a new connection the Web Server (in step 4 above) -> Answer E is correct. Answer C is surely not correct as WSA cannot be configured in a web browser in either mode. Answer A seems to be correct but it is not. This answer is correct if it states “When the Cisco WSA is running intransparent mode, it uses the WSA’s own IP address as the HTTP request
source” (not destination).
Explanation:
The Cisco Web Security Appliance (WSA) includes a web proxy, a threat analytics engine, antimalware engine, policy management, and reporting in a single physical or virtual appliance. The main use of the Cisco WSA is to protect users from accessing malicious websites and being infected by malware. You can deploy the Cisco WSA in two different modes:C Explicit forward modeC Transparent mode In explicit forward mode, the client is configured to explicitly use the proxy, subsequently sending all web traffic to the proxy. Because the client knows there is a proxy and sends all traffic to the proxy in explicit forward mode, the client does not perform a DNS lookup of the domain before requesting the URL. The Cisco WSA is responsible for DNS resolution, as well.
Reference: https://www.cisco.com/c/en/us/tech/content-networking/web-cache-communications-protocol-wccp/index.html->Therefore answer D is correct as redirection can be done on Layer 3 device only. In transparent mode, the client is unaware its traffic is being sent to a proxy (Cisco WSA) and, as a result, the client uses DNS to resolve the domain name in the URL and send the web request destined for the web server (not the proxy). When you configure the Cisco WSA in transparent mode, you need to identify a network choke point with a redirection device (a Cisco ASA) to redirect traffic to the proxy.
WSA in Transparent mode
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide-> Therefore in Transparent mode, WSA uses its own IP address to initiate a new connection the Web Server (in step 4 above) -> Answer E is correct. Answer C is surely not correct as WSA cannot be configured in a web browser in either mode. Answer A seems to be correct but it is not. This answer is correct if it states “When the Cisco WSA is running intransparent mode, it uses the WSA’s own IP address as the HTTP request
source” (not destination).