Question 29
Domain 3: Infrastructure, Network, and Workload SecurityAn organization is implementing a Secure Access Service Edge (SASE) architecture. Which combination of capabilities does SASE PRIMARILY integrate?
Correct answer: A
Explanation
SASE combines networking and security into a single cloud-delivered service, so it primarily integrates "network security and wide-area networking." This matches the definition of Secure Access Service Edge, which unifies WAN capabilities with security functions for users and applications anywhere.
Why each option is right or wrong
A. Network security and wide-area networking
NIST SP 800-207 (Zero Trust Architecture) describes SASE as a cloud-delivered model that converges WAN transport with security enforcement at the service edge. In practical terms, the architecture centers on replacing separate branch WAN and perimeter security stacks with integrated SD-WAN/WAN connectivity plus security controls such as SWG, CASB, FWaaS, and ZTNA, so the pairing of network security and wide-area networking is the defining combination.
B. Identity management and data encryption
C. Endpoint protection and email security
D. Vulnerability scanning and patch management