[TABS_R id=8782]
You want to configure a WSA to permit access to a particular social media site? however, you also want to deny access to some of the features on that site, such as uploading files and liking posts.
Which of the following WSA features should you configure to achieve your goal (Select the best answer.)
- AMP
- AVC
- DCA
- DLP
Section: Content and Endpoint Security Explanation
Explanation/Reference:
You should configure the Application Visibility and Control (AVC) feature on a Cisco Web Security Appliance (WSA) if you want to permit access to a particular social media site and deny the use of some of the features on that site, such as uploading files and liking posts. A WSA is a standalone web gateway that offers features that can mitigate webbased attacks, enforce acceptable use policies, and provide detailed reporting. The AVC feature provides an administrator with granular control over a wide range of web applications, including the ability to disable application features, limit application bandwidth, and constrain application access to a particular set of users or period of time. The AVC feature is included as part of the Cisco Web Security Essentials software license, which also includes the following:
– Uniform Resource Locator (URL) filtering
– Threat intelligence using the Cisco Talos threat detection network
– Layer 4 traffic monitoring – Policy management
– Actionable reporting
– Data Loss Prevention (DLP), including thirdparty DLP integration
The URL filtering feature on a WSA can be used to permit or deny access to a particular social media site? however, it does not provide the ability to deny access to some of the features on that site. The URL filtering feature uses a database of over 50 million URLs to protect users from sites that are known to host malicious content. The Dynamic Content Analysis (DCA) feature enhances basic URL filtering by enabling the WSA to determine whether unknown URLs post a threat. The DCA engine can scan unknown URLs and their associated content text in real time and can successfully categorize URLs with an error rate of less than 10 percent.
The DLP feature on a WSA can be used to prevent sensitive data from being transmitted to the web. DLP engines, which include any integrated thirdparty solutions, inspect outbound traffic for specified criteria, such as credit card numbers or customer data, and can take the appropriate action. A WSA can use the Internet Content Adaptation Protocol (ICAP) to integrate thirdparty DLP solutions to enhance its traffic inspection and analysis capabilities. The Advanced Malware Protection (AMP) feature on a WSA can be used to enable advanced malware detection, blocking, analysis, and retroactive reporting on a WSA. The AMP feature enhances the dynamic reputationbased and behaviorbased malware analysis processes available on the WSA with enhanced file reputation, file sandboxing, and retrospective file analysis. Enhanced file analysis enables the WSA to fingerprint a file and send it to the Cisco Security Intelligence Operations (SIO) for a reputation verdict. File sandboxing provides a secure environment where the behavior of a file, such as a compressed archive or a Microsoft Office document, can be analyzed. Retrospective file analysis, which is also known as file retrospection, enables the WSA to track files that were originally deemed as safe and were later determined to be a threat. This helps an administrator determine who might be at risk from those files.
[TABS_R id=8782]