Control Access to Websites with Proxy Authentication

DE.

To control access to websites with proxy authentication on a Cisco WSA, the following two parameters are mandatory:

1. External Authentication: External authentication is the process of verifying a user's identity by an external authentication server, such as an Active Directory (AD) or a Lightweight Directory Access Protocol (LDAP) server. In this process, the Cisco WSA forwards the user's login credentials to the external server for verification. If the user's credentials are valid, the Cisco WSA grants access to the requested website.

2. Authentication Realm: An authentication realm is a specific authentication domain or namespace in which user credentials are validated. The realm can be a Windows domain, an LDAP directory, or any other authentication provider. The authentication realm is mandatory to control access to websites with proxy authentication on a Cisco WSA because it specifies the scope of user authentication. When a user requests access to a website, the Cisco WSA sends the user's credentials to the specified authentication realm for validation. If the credentials are valid, the Cisco WSA allows access to the requested website.

Therefore, the correct answers are A (External Authentication) and E (Authentication Realm).

The other answer options are not mandatory to control access to websites with proxy authentication on a Cisco WSA, but they do provide additional security features:

B. Identity Enabled Authentication: This feature allows users to authenticate using their Active Directory or LDAP credentials, and also supports two-factor authentication (2FA).

C. Transparent User Identification: This feature enables the WSA to identify users by analyzing network traffic, without requiring user authentication.

D. Credential Encryption: This feature encrypts user credentials to prevent them from being intercepted by attackers.