nerdexam
Cisco

300-725 · Question #32

Which two configuration options are available on a Cisco WSA within a decryption policy? (Choose two.)

The correct answer is A. Pass Through C. Decrypt. Decryption policies on the Cisco WSA control how HTTPS traffic is handled. The two primary actions available within a decryption policy are: Pass Through (A), which allows the encrypted HTTPS session to flow through the WSA without being decrypted or inspected, maintaining end-to

Decryption Policies to Control HTTPS Traffic

Question

Which two configuration options are available on a Cisco WSA within a decryption policy? (Choose two.)

Options

  • APass Through
  • BWarn
  • CDecrypt
  • DAllow
  • EBlock

How the community answered

(50 responses)
  • A
    92% (46)
  • B
    2% (1)
  • D
    4% (2)
  • E
    2% (1)

Explanation

Decryption policies on the Cisco WSA control how HTTPS traffic is handled. The two primary actions available within a decryption policy are: Pass Through (A), which allows the encrypted HTTPS session to flow through the WSA without being decrypted or inspected, maintaining end-to-end encryption between the client and server; and Decrypt (C), which performs SSL/TLS man-in-the-middle inspection by terminating the client's SSL session, inspecting the plaintext content, and re-encrypting traffic to the destination. Other options like Warn (B) and Allow (D) are not decryption policy actions-they appear in access policies. Block (E) can be used to drop connections but is also primarily an access policy action; the core decryption-specific choices are Pass Through and Decrypt.

Topics

#WSA Decryption Policies#HTTPS Decryption#SSL Inspection#Policy Actions

Community Discussion

No community discussion yet for this question.

Full 300-725 Practice