# SD-WAN and SASE One-sentence definition: SD-WAN steers traffic over multiple underlays; **SASE** converges networking with cloud-delivered security. ## Key Facts - SD-WAN: path selection, QoS, overlay encryption, centralized policy. - SASE: integrates SWG/CASB/ZTNA/FWaaS/DLP at cloud edge. - Secure the controller, certificates, and device provisioning (ZTP). - Validate segmentation per app; measure latency/Jitter for SLA. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Pick SASE to apply security policy close to users anywhere. **Mnemonic:** “**Steer** smart, **secure** everywhere.” ## Mini Scenario Q: Branch to SaaS traffic hairpins to HQ—solution? A: SD-WAN with local breakout + SASE inspection. ## Revision Checklist - SD-WAN vs SASE. - ZTP security. - Overlay encryption. ## Related [[Zero Trust Network Access (ZTNA)]] · [[Proxies and Secure Web Gateways]] · [[VPN Basics (SSL TLS vs IPsec)]] · [[DDoS Attacks and Defenses]] · [[TLS Handshake Overview]] · [[Domain 4 - Index]]