An organization is designing a network architecture that must meet the following requirements:

✑ Users will only be able to access predefined services.

✑ Each user will have a unique allow list defined for access.

✑ The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

1. Peer-to-peer secure communications enabled by mobile applications
2. Proxied application data connections enabled by API gateways
3. Microsegmentation enabled by software-defined networking
4. VLANs enabled by network infrastructure devices

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A Reverse proxy, stateful firewalls, and VPNs at the local sites
B IDSs, WAFs, and forward proxy IDS
C DoS protection at the hub site, mutual certificate authentication, and cloud proxy
D IPSs at the hub, Layer 4 firewalls, and DLP

2nd time clarification required 

Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A Distributed connection allocation
B Local caching
C Content delivery network
D SD-WAN vertical heterogeneity

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options: A IAM gateway, MDM, and reverse proxy
B VPN, CASB, and secure web gateway
C SSL tunnel, DLP, and host-based firewall
D API gateway, UEM, and forward proxy