CompTIA CASP+ (CAS-004) — Question 8

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

Answer options

• A. Reverse proxy, stateful firewalls, and VPNs at the local sites
• B. IDSs, WAFs, and forward proxy IDS
• C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
• D. IPSs at the hub, Layer 4 firewalls, and DLP

Correct answer: C

Explanation

The correct answer is C because it includes DoS protection, mutual certificate authentication for secure connections, and a cloud proxy to scan traffic, ensuring security and high availability. Options A and B do not address the requirement for malware scanning or the need for configuration updates to be managed centrally, while D does not provide the necessary cloud proxy capabilities.