nerdexam
(ISC)2

CISSP · Question #1124

What is a security concern when considering implementing software-defined networking (SDN)?

The correct answer is A. It increases the attack footprint.. SDN centralizes network control into a software-based controller, which introduces a larger and more concentrated attack surface compared to traditional distributed network architectures.

Submitted by haru.x· Mar 5, 2026Security Architecture and Engineering

Question

What is a security concern when considering implementing software-defined networking (SDN)?

Options

  • AIt increases the attack footprint.
  • BIt uses open source protocols.
  • CIt has a decentralized architecture.
  • DIt is cloud based.

How the community answered

(23 responses)
  • A
    78% (18)
  • B
    13% (3)
  • C
    4% (1)
  • D
    4% (1)

Why each option

SDN centralizes network control into a software-based controller, which introduces a larger and more concentrated attack surface compared to traditional distributed network architectures.

AIt increases the attack footprint.Correct

SDN increases the attack footprint because the centralized controller becomes a high-value single point of compromise - if an attacker gains control of the SDN controller, they can manipulate the entire network's traffic flows, policies, and routing. Additionally, the separation of the control plane and data plane introduces new attack vectors such as controller spoofing, API exploitation, and southbound/northbound interface vulnerabilities that did not exist in traditional hardware-based networking.

BIt uses open source protocols.

While SDN does utilize open protocols like OpenFlow, the use of open source protocols is not itself the primary security concern - open protocols can be audited and hardened, and proprietary protocols also carry vulnerabilities.

CIt has a decentralized architecture.

SDN actually features a centralized (not decentralized) architecture, where a single controller manages the network; decentralization is the opposite of how SDN is designed and is therefore factually incorrect.

DIt is cloud based.

SDN is not inherently cloud-based - it can be deployed in on-premises data centers, private networks, and other environments, so describing it as cloud-based is an inaccurate characterization of the technology.

Concept tested: SDN security risks and centralized attack surface

Source: https://www.cisa.gov/sites/default/files/publications/sdn-security-considerations-enterprise-network-508.pdf

Topics

#SDN security#attack surface#network architecture#network security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice