300-415 Question #220: Real Exam Question with Answer & Explanation

The correct answer is D: A WAN Edge router is behind NAT.

Security and Quality of Service

Question

What are the two reasons a customer chooses to use IPsec tunnels over GRE? (Choose two.)

Options

  • A. IPsec failure detection is faster.
  • B. Generally, they provide a higher bandwidth for tunnel connection.
  • C. vFlowd is required.
  • D. A WAN Edge router is behind NAT.
  • E. IPsec is more secure.

Explanation

Customers often choose IPsec tunnels over GRE due to enhanced security features and better compatibility with Network Address Translation (NAT) environments. IPsec inherently provides encryption and authentication, while its NAT traversal capabilities simplify deployment behind firewalls.

Common mistakes.

  • A. While IPsec can utilize keepalives, its failure detection isn't inherently faster than GRE, which can also be combined with protocols like BFD for rapid failure detection.
  • B. GRE tunnels generally have lower overhead than IPsec because they perform fewer security operations, so GRE, rather than IPsec, may offer slightly higher bandwidth efficiency in some scenarios.
  • C. vFlowd is a Cisco proprietary flow monitoring daemon, not a general requirement or distinguishing factor between IPsec and GRE tunnel choices.

Concept tested. IPsec vs. GRE Tunnel Features

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/sdwan-security.html#concept_z5r_td2_vnb

Topics

#IPsec #GRE #Security #NAT Traversal
