300-320 Question #445: Real Exam Question with Answer & Explanation

The correct answer is A: GRE over IPsec. GRE over IPsec satisfies both requirements: encryption and multicast support. GRE (Generic Routing Encapsulation) natively supports multicast and broadcast traffic by encapsulating any Layer 3 protocol. IPsec provides the encryption. By wrapping GRE packets inside IPsec, you get

Question

A network engineer must use an Internet connection to provide backup connectivity between two sites. The backup connection must be encrypted and support multicast. Which technology must be used?

Options

AGRE over IPsec
BGETVPN
CIPsec direct encapsulation
DDMVPN

Explanation

GRE over IPsec satisfies both requirements: encryption and multicast support. GRE (Generic Routing Encapsulation) natively supports multicast and broadcast traffic by encapsulating any Layer 3 protocol. IPsec provides the encryption. By wrapping GRE packets inside IPsec, you get an encrypted tunnel that can also carry multicast traffic. IPsec direct encapsulation (Option C) encrypts unicast traffic but does not natively support multicast. GETVPN (Option B) is a tunnel-less encryption solution designed for MPLS networks with a shared routing domain-not suitable for Internet backup links. DMVPN (Option D) also uses GRE over IPsec and supports multicast, but it is designed for scalable hub-and-spoke or partial-mesh topologies with many sites, making it more complex than necessary for a simple two-site backup link.

Community Discussion

No community discussion yet for this question.

Full 300-320 Practice