An engineer is troubleshooting a Cisco WSA that is failing to block malware downloads from a specific cloud storage website. The URL filtering policy is set to block the 'Cloud Storage' category, and the Web Reputation score is set to block scores below -5.0. Users can still download files. What is the most likely cause?
Malware inspection only applies to specified file types; if not included, downloads pass through.
Why this answer
The Cisco WSA can block malware downloads only if it inspects the file content. If the file type is not configured for malware inspection, the WSA will allow the download even if the URL category and reputation score are set to block. This is because malware inspection requires explicit configuration of file types (e.g., .exe, .zip) to scan for threats, and without it, the WSA bypasses deep content analysis.
Exam trap
Cisco often tests the misconception that URL filtering and reputation scores alone are sufficient to block malware. The trap here is that malware inspection must be explicitly configured for specific file types before the WSA actually scans and blocks malicious content.
How to eliminate wrong answers
Option B is wrong because HTTPS proxy decryption is required to inspect encrypted traffic, but the question does not specify that the cloud storage website uses HTTPS; even if it does, the core issue is that the file type is not inspected, not the lack of decryption.
Option C is wrong because the L4 Traffic Monitor is used for monitoring traffic flows and does not affect malware inspection or URL filtering decisions.
Option D is wrong because user authentication is not required for URL filtering or malware inspection to apply; the WSA can enforce policies based on source IP or other criteria without authentication.