Exam 350-701 topic 1 question 197 discussion

A and D are correct. - In explicit proxy mode, users are configured to use a web proxy and the web traffic is sent directly to the Cisco WSA. In contrast, in transparent proxy mode the Cisco WSA intercepts user's web traffic redirected from other network devices, such as switches, routers, or firewalls.

A and D is correct. No doubt it.

I am sure about "D" as a the traffic is redirected on a L3 device with PBR (or similar solution). "A" would be fine without the word "only". The WSA is a full proxy, maintaining separate sessions btw. client - proxy and proxy - webserver. The source IP of the response is surely the ip of the proxy in the client-proxy connection with Explicit mode, when the client directly communicates with the proxy. However, I am not sure the redirected Transparent mode, as again the proxy is sitting in between the client and the webserver. I assume that the client does not get the response directly from the webserver, but rather from the proxy. So the source ip should be from the proxy (or does it spoof the source ip?).

Transparent means it has no L3 interface

Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide-> Therefore in Transparent mode, WSA uses its own lP address to initiate a new connection the Web Server

When requests are being redirected to the WSA transparently, the WSA must pretend to be the OCS (origin content server), since the client is unaware of the existence of a proxy. On the contrary, if a request is explicitly sent to the WSA, the WSA will respond with it's own IP information.

C&E is correct https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html