300-415 Question #13: Real Exam Question with Answer & Explanation

The correct answer is C: authentication headers. In the Cisco SD-WAN data plane, Authentication Headers (AH) and Encapsulation Security Payload (ESP) are the two IPsec mechanisms that guarantee packet integrity.

Security and Quality of Service

Question

Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? (Choose two.)

Options

Acertificates
Btransport locations
Cauthentication headers
Dencapsulation security payload
ETPM chip

Explanation

In the Cisco SD-WAN data plane, Authentication Headers (AH) and Encapsulation Security Payload (ESP) are the two IPsec mechanisms that guarantee packet integrity.

Common mistakes.

A. Certificates are used in the Cisco SD-WAN control plane for device authentication and identity verification, not for guaranteeing data plane packet integrity.
B. Transport locations (TLOCs) are logical identifiers representing a WAN Edge's transport attachment points and are not security mechanisms for ensuring packet integrity.
E. A TPM chip is a hardware security module used for secure key storage and platform integrity attestation during boot, not a mechanism that operates in the data plane to guarantee packet integrity.

Concept tested. Cisco SD-WAN data plane IPsec integrity mechanisms

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/security-overview.html

Topics

#SD-WAN security#IPsec#Data integrity#ESP

Community Discussion

No community discussion yet for this question.

Full 300-415 Practice