Alex Cyber Study
🌐 SASE vs Traditional Models
Domain 4 — Match each model to its concept and limitation
Castle-and-Moat Model
Concept
Everything inside the network is trusted; outside is untrusted
Each function (firewall, CASB, DLP) is separate
All traffic is routed through HQ
Remote users gain full internal access via VPN
Limitation
Breaks down with cloud apps, remote users, and BYOD
Increases latency and creates single points of failure
Over-privileged access, not identity-aware
Complexity and inconsistent enforcement
Hub-and-Spoke Model
Concept
Everything inside the network is trusted; outside is untrusted
Each function (firewall, CASB, DLP) is separate
All traffic is routed through HQ
Remote users gain full internal access via VPN
Limitation
Breaks down with cloud apps, remote users, and BYOD
Increases latency and creates single points of failure
Over-privileged access, not identity-aware
Complexity and inconsistent enforcement
VPN-Only Model
Concept
Everything inside the network is trusted; outside is untrusted
Each function (firewall, CASB, DLP) is separate
All traffic is routed through HQ
Remote users gain full internal access via VPN
Limitation
Breaks down with cloud apps, remote users, and BYOD
Increases latency and creates single points of failure
Over-privileged access, not identity-aware
Complexity and inconsistent enforcement
Point-Product Model
Concept
Everything inside the network is trusted; outside is untrusted
Each function (firewall, CASB, DLP) is separate
All traffic is routed through HQ
Remote users gain full internal access via VPN
Limitation
Breaks down with cloud apps, remote users, and BYOD
Increases latency and creates single points of failure
Over-privileged access, not identity-aware
Complexity and inconsistent enforcement
Zero Trust (Modern Baseline)
Concept
Never trust, always verify
All traffic is routed through HQ
Everything inside is trusted
Each function is a separate appliance
Limitation
Requires identity-driven architecture and monitoring
Increases latency and creates single points of failure
Over-privileged access, not identity-aware
Complexity and inconsistent enforcement
Perimeter-Based Security Model
Concept
Relies on fixed network boundary firewalls
All traffic is routed through HQ
Each function is separate
Remote users gain internal access
Limitation
Fails with cloud/mobile decentralization
Increases latency and single points of failure
Over-privileged access
Complex enforcement