300-725 · Question #32
Which two configuration options are available on a Cisco WSA within a decryption policy? (Choose two.)
The correct answer is A. Pass Through C. Decrypt. Decryption policies on the Cisco WSA control how HTTPS traffic is handled. The two primary actions available within a decryption policy are: Pass Through (A), which allows the encrypted HTTPS session to flow through the WSA without being decrypted or inspected, maintaining end-to
Question
Which two configuration options are available on a Cisco WSA within a decryption policy? (Choose two.)
Options
- APass Through
- BWarn
- CDecrypt
- DAllow
- EBlock
How the community answered
(50 responses)- A92% (46)
- B2% (1)
- D4% (2)
- E2% (1)
Explanation
Decryption policies on the Cisco WSA control how HTTPS traffic is handled. The two primary actions available within a decryption policy are: Pass Through (A), which allows the encrypted HTTPS session to flow through the WSA without being decrypted or inspected, maintaining end-to-end encryption between the client and server; and Decrypt (C), which performs SSL/TLS man-in-the-middle inspection by terminating the client's SSL session, inspecting the plaintext content, and re-encrypting traffic to the destination. Other options like Warn (B) and Allow (D) are not decryption policy actions-they appear in access policies. Block (E) can be used to drop connections but is also primarily an access policy action; the core decryption-specific choices are Pass Through and Decrypt.
Topics
Community Discussion
No community discussion yet for this question.