300-320 Question #285: Real Exam Question with Answer & Explanation

The correct answer is D: DMVPN. DMVPN (Dynamic Multipoint VPN) satisfies all three requirements. It uses IPsec for bulk encryption of traffic between sites. Its hub-and-spoke design with NHRP (Next Hop Resolution Protocol) means adding a new spoke site only requires configuring the new spoke - the hub configura

Question

A VPN solution requires bulk traffic encryption, low OpEx to add new sites, and the ability to accommodate dynamic tunnels between branch locations. What VPN solution can fulfill these requirements?

Options

AGETVPN
BSSL VPN
CEasy VPN
DDMVPN

Explanation

DMVPN (Dynamic Multipoint VPN) satisfies all three requirements. It uses IPsec for bulk encryption of traffic between sites. Its hub-and-spoke design with NHRP (Next Hop Resolution Protocol) means adding a new spoke site only requires configuring the new spoke - the hub configuration does not change, minimizing operational expenditure (low OpEx). Most importantly, DMVPN Phase 2 and Phase 3 support dynamic spoke-to-spoke tunnels: spokes can dynamically establish direct IPsec tunnels with each other on demand without going through the hub. GETVPN (A) excels at bulk encryption in trusted networks (like MPLS) but does not create tunnels or support spoke-to-spoke dynamically. SSL VPN (B) and Easy VPN (C) are remote-access solutions for individual clients, not site-to-site with dynamic mesh capabilities.

Community Discussion

No community discussion yet for this question.

Full 300-320 Practice