Examice

Exam SY0-601 All QuestionsBrowse all questions from this exam

Question 520

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Deploying a SASE solution to remote employees

Building a load-balanced VPN solution with redundant internet

Purchasing a low-cost SD-WAN solution for VPN traffic

Using a cloud provider to create additional VPN concentrators

Correct Answer: A

Deploying a SASE (Secure Access Service Edge) solution to remote employees is the best option for mitigating the scaling issues on the VPN concentrator and internet circuit. SASE integrates wide-area networking (WAN) capabilities with comprehensive security services, which allows for intelligent traffic routing through the cloud closer to the users. This not only reduces the load on the VPN and internet circuit by avoiding backhauling traffic through the data center but also maintains secure, encrypted access to necessary resources and provides monitoring of remote employee internet traffic.

Discussion

sursurOption: A

SASE (Secure Access Service Edge) is a comprehensive networking and security approach that combines wide-area networking (WAN) capabilities with security features. It provides secure access to applications and data, including encrypted tunnel access to the data center, while also offering monitoring capabilities for remote employee internet traffic. By implementing a SASE solution, the organization can reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users. This approach helps optimize performance and security, addressing the scaling issues effectively.

subaie503

Surely this can't be a real question from an exam right? "SASE" is not in the exam objectives, this is ridiculous

xBrynlee

I looked it up in the official COMPTIA security+ guidebook and it briefly mentions it in ONE sentence. I'm just going to hope I don't get this question cause wtf. "Enterprise networks often make use of secure web gateways (SWG). An on-premises SWG is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services. A next-generation SWG, as marketed by Netskope (netskope.com/products/next-gen-swg), combines the functionality of an SWG with that of data loss prevention (DLP) and a CASB to provide a wholly cloud-hosted platform for client access to websites and cloud apps. This supports an architecture defined by Gartner as secure access service edge (SASE) (scmagazine.com/home/opinion/secure-access-service-edge-sase-key-points-for-earlyadopters)."

sujon_londonOption: A

A SASE (Secure Access Service Edge) solution is a cloud-based security architecture that combines secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA) into a single solution. SASE can help organizations to reduce traffic on their VPN and internet circuit by: Encrypting all traffic between remote employees and the data center, which can help to reduce bandwidth usage SASE (Secure Access Service Edge) solution to remote employees. SASE is a cloud-based security solution that combines VPN, SD-WAN, and other security features such as firewall, web filtering, and data loss prevention. By deploying SASE, remote employees can directly access the internet and cloud applications without routing all traffic through the VPN concentrator and internet circuit, reducing traffic and improving performance.

TM78

This is a great explanation of SASE (pronounced “sassy”). Thanks!

ID77

Thanks Sujon!

GamsjeOption: A

Is Secure Access Service Edge (SASE) this concept in the Exam Objectives ??? Fu*k

ApplebeesWaiter1122

It is not....

ApplebeesWaiter1122Option: A

I think it is A??? Even though SASE is NOT ON THE EXAM OBJECTIVES PDF FROM COMPTIA

benni3c

I could not find the concept in the exam objectives either!

James_TyeOption: C

Either SASE or SD-WAN seem to be equally correct. SASE is the framework while SD-WAN is the software solution. In reading through CompTIA documentation my vote would be SD-WAN, but who knows...

NetTechOption: C

Since SASE is not on the exam objectives, but SASE utilizes SD-WAN technology, would the answer not be SD-WAN?

malibiOption: B

Building a load-balanced VPN solution with redundant internet. i believe they are more concern on the load. VPN by itself is already secure. i think they need a load balancer to accommodate users bandwidth!

shady23Option: A

A. Deploying a SASE solution to remote employees

kewokil120Option: D

Personally Answer D answers the P1 issue of overloaded VPN servers today as it lets you scale to a bigger resource and allows to split users between vpn gateways. A would be longer term answer.

fryderykOption: A

"The organization is looking for a software solution". Citing Palo Alto: "SASE is a cloud-native architecture".

benni3cOption: D

D. Messer's exam notes (3.3): Remote access VPN • On-demand access from a remote device – Software connects to a VPN concentrator • Some software can be configured as always-on