300-415 Question #299: Real Exam Question with Answer & Explanation

The correct answer is A: AES-256 GCM. Cisco SD-WAN secures data plane traffic by employing AES-256 GCM as the primary encryption algorithm within IPsec tunnels.

Security and Quality of Service

Question

Which encryption algorithm is used for encrypting SD-WAN data plane traffic?

Options

AAES-256 GCM
BTriple DES
CAES-128
DIPsec

Explanation

Cisco SD-WAN secures data plane traffic by employing AES-256 GCM as the primary encryption algorithm within IPsec tunnels.

Common mistakes.

B. Triple DES is an older, less secure, and less performant encryption algorithm that is not the primary choice for modern Cisco SD-WAN data plane encryption.
C. While AES is the encryption standard, AES-128 uses a smaller key size than AES-256, providing a lower level of security than the preferred AES-256 GCM in Cisco SD-WAN.
D. IPsec is a protocol suite used for secure communication, but it is not an encryption algorithm itself; AES-256 GCM is the specific algorithm employed within the IPsec suite.

Concept tested. SD-WAN data plane encryption algorithm

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/sdwan-security-config.html

Topics

#SD-WAN Security#Data Plane Encryption#AES-256 GCM#IPsec

Community Discussion

No community discussion yet for this question.

Full 300-415 Practice