An engineer is configuring Cisco WSA and needs to ensure end clients are protected against DNS spoofing attacks. Which deployment method accomplishes this goal?
Explicit Proxy
- Client requests a website
- Browser connects first to WSA
- WSA connects to a website
- Firewall usually only allows web traffic from proxy
- DNS resolution is done by the WSA
Transparent Proxy
+ Client requests a website
+ Browser tries to connect to the website
+ Network Device redirects traffic to WSA using WCCP
+ WSA proxies the request
+ DNS Resolution is done by the Client
Reference: https://www.youtube.com/watch?v=s8OnuxnUydg (1:20)
C: In the explicit forward deployment mode, the client's web browser is configured to use the Cisco WSA as its explicit proxy for HTTP and HTTPS traffic. The explicit forward deployment method allows the Cisco WSA to intercept and inspect the DNS (Domain Name System) requests made by the clients. It can then compare the requested domain names with a list of known malicious or spoofed domains to detect and prevent DNS spoofing attacks.
By examining the DNS requests and responses, the Cisco WSA can ensure that the resolved IP addresses match the expected legitimate IP addresses associated with the requested domain names. If a spoofed or malicious DNS response is detected, the Cisco WSA can prevent the client from accessing the fraudulent site, thereby protecting against DNS spoofing attacks.
Quote from the OCG:
"Because the client knows there is a proxy and sends all traffic to the proxy in explicit forward mode, the client does not perform a DNS lookup of the domain before requesting the URL. The Cisco WSA is responsible for DNS resolution, as well."
I think this question is trying to emphasize the word "ensure".
Since explicit forward requires the Cisco Secure Web Appliance to be defined in the endpoint's configuration as the proxy server, transparent mode would make more sense for ensuring traffic gets to the Cisco Secure Web Appliance.
Transparent mode requires you to configure a choke point to catch all the web traffic and redirect it to the Cisco Secure Web Appliance.
This would mitigate issues with the guy deploying assets in your network forgetting to configure the asset or in a BYOD situation.
Also, I believe that the appliance doesn't have an internal DNS server; if the DNS records are poisoned, then it would still send traffic to that false site. The appliance would protect you by looking for and dropping malicious content, or the domain would be on a blocked list regardless of the mode.
A & B are the same so discarded. With Explicit Proxy the WSA is the one that casts the DNS request and not the user, so it is easier to offer DNS protection if only WSA does the DNS requests.
WCCP can use both transparent and non-transparent mode.
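The difference between the two modes discussed above is visible in the HTTP request itself. The following is an added example, not part of the original thread or of any Cisco tooling: it classifies a request head by its request-target form (RFC 9112) to show which side had to resolve the hostname. The function name `classify`, the `SAMPLES` list and the `.test` hostnames are constructed for illustration.

```python
from urllib.parse import urlsplit

def classify(request_head: bytes) -> dict:
    """Report the request-target form and which side had to resolve the name."""
    lines = request_head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ")  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if method == "CONNECT":
        # authority-form ("CONNECT host:port") is only ever sent to a proxy
        form, authority = "authority-form", target
    elif target.startswith("/") or target == "*":
        # origin-form: the client opened the connection to an IP it resolved
        form, authority = "origin-form", headers.get("host", "")
    else:
        # absolute-form: the full URL is handed to an explicitly configured proxy
        parts = urlsplit(target)
        if not (parts.scheme and parts.netloc):
            raise ValueError("unrecognised request-target: %r" % target)
        form, authority = "absolute-form", parts.netloc
    host = urlsplit("//" + authority).hostname  # strips port, lowercases
    return {"form": form, "host": host,
            "dns_by": "client" if form == "origin-form" else "proxy"}

# Constructed sample request heads (not captured traffic).
SAMPLES = [
    b"GET http://portal.example.test/login HTTP/1.1\r\nHost: portal.example.test\r\n\r\n",
    b"CONNECT portal.example.test:443 HTTP/1.1\r\nHost: portal.example.test:443\r\n\r\n",
    b"GET /login HTTP/1.1\r\nHost: portal.example.test\r\n\r\n",
]

if __name__ == "__main__":
    for head in SAMPLES:
        print(classify(head))
```

A request arriving at the proxy in origin-form reached it by redirection (the transparent case), so the destination IP on that connection came from the client's own DNS lookup.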