Exam 350-701 topic 1 question 516 discussion

Correct https://www.denaliai.com/media/1182/cisco-cloud-web-security_data-sheet.pdf

Reference: https://www.denaliai.com/media/1182/cisco-cloud-web-security_data-sheet.pdf According to the reference link (not not available anymore unforunately), A & E are the correct answers. I don't understand how it is possible that if the customer does not own Cisco hardware (E), how can use WCCP for transparent redirection. WCCP is a Cisco proprietary protocol and used only by Cisco. A and B are the correct answers that I would chose in the exam.

I select B and D based on this:https://www.cisco.com/c/en/us/products/collateral/security/content-security-management-appliance/datasheet-c78-729630.html WSAv is simply a WSA (new name: SWA) running on top of a hypervisor. A. Customer owns ASA Appliance and Virtual Form Factor is required. -> ASA is OK for transparent mode, but no need for Virtual Form Factor Router for WAN. B. Customer does not own Cisco hardware and needs Explicit Proxy. -> If it does not have a Cisco device that supports WCCP, then the only choice is the explicit mode. = valid answer C. Customer owns ASA Appliance and SSL Tunneling is required. -> Again, a WCCP capable ASA is can be used for redirection to the WSA.

Agree with A. But E no make sense regarding WCCP is Cisco proprietary and it explicitly write "Customer does not own Cisco hardware". So I am going for A & B

Voting B & E here.... According to Cisco: "The first step to planning the Cisco WSA deployment is to determine how to redirect web traffic to the appliance. There are two possible methods to accomplish the redirection of traffic to Cisco WSA: transparent proxy mode and explicit proxy mode. In a transparent proxy deployment, a WCCP v2-capable network device redirects all TCP traffic with a destination of port 80 or 443 to Cisco WSA, without any configuration on the client. In an explicit proxy deployment, a client application, such as a web browser, is configured to use an HTTP proxy, such as Cisco WSA." https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVD-WebSecurityUsingCiscoWSADesignGuide-AUG13.pdf

AE B. Customer does not own Cisco hardware and needs Explicit Proxy. - could be anything you can install McAfee (trellix), BlueCoat, Squid whatever ... but but if WSAv is a requirement "A" makes sense

B and E cover two common scenarios of WSA deployment, and both got the right justification for the virtual instance installation.

B E IS OK

I will go B & E. As WSA can handle explicit or transparent (via WCCP) and do a "proxy chain" to Umbrella. As the Question is about virtual WSA, then B & E fit the requirement

diagram in page 2 https://www.denaliai.com/media/1182/cisco-cloud-web-security_data-sheet.pdf

AD the question specifically mentions the Cisco WSA connector and its traffic direction method. The options A and D are related to the WSA connector and its traffic direction method as they mention the use of ASA appliance and the need to support roaming users respectively. While option E is not related to the WSA connector as it is talking about a different method of transparent redirection using WCCP, which is not related to the WSA connector. So the best answer would be A and D, as they are the two environments where the Cisco WSA connector traffic direction method is selected and it is in line with the question.