Cisco WSA Scanning Engine Verdict Selection Process

How Cisco WSA Selects Scanning Engine Verdicts

Question

How does the Cisco WSA choose which scanning engine verdict to use when there is more than one verdict?

Answers

Explanations

A. B. C. D.

B.

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_010000.html

When the Cisco Web Security Appliance (WSA) receives a file to scan, it uses multiple scanning engines to determine whether the file is malicious. Each scanning engine provides a verdict on the file's status. If the scanning engines return different verdicts, the Cisco WSA uses a process called "verdict aggregation" to determine which verdict to use.

During verdict aggregation, the Cisco WSA assigns each scanning engine a weight based on its reliability and accuracy. The weights are pre-configured by Cisco and are designed to give more weight to the more reliable scanning engines.

Once the weights have been assigned, the Cisco WSA will compare the verdicts returned by each scanning engine and use the verdict from the scanning engine with the highest weight. This means that if one scanning engine returns a verdict of "clean" and another scanning engine returns a verdict of "malicious," the Cisco WSA will use the verdict from the more reliable scanning engine, which in this case would likely be the "malicious" verdict.

Therefore, the answer to the question is B. The Cisco WSA chooses the most restrictive verdict when there is more than one verdict.