300-415 Question #375: Real Exam Question with Answer & Explanation

The correct answer is C: Cisco TrustSec. When FIPS mode is enabled on a Cisco IOS XE SD-WAN device, features like Cisco TrustSec and the use of PAC Authentication Keys are not supported due to the strict cryptographic and security requirements of FIPS.

Security and Quality of Service

Question

Which two features are not supported when FIPS mode is enabled on a Cisco IOS XE SD-WAN device? (Choose two.)

Options

  • A. SXP reflectors
  • B. SXP over IPv6
  • C. Cisco TrustSec
  • D. Static IP-SLA mapping
  • E. PAC Authentication Key

Explanation

When FIPS mode is enabled on a Cisco IOS XE SD-WAN device, features like Cisco TrustSec and the use of PAC Authentication Keys are not supported due to the strict cryptographic and security requirements of FIPS.

Common mistakes.

  • A. SXP reflectors, which propagate SGTs, are generally supported in FIPS mode unless they rely on a non-FIPS compliant underlying component.
  • B. SXP over IPv6 is a protocol transport mechanism and is not specifically disallowed by FIPS mode on SD-WAN devices.
  • D. Static IP-SLA mapping is a performance monitoring feature that is typically unaffected by FIPS mode enablement.

Concept tested. FIPS mode compatibility with SD-WAN features

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/m-fips.html

Topics

FIPS mode, Cisco SD-WAN, Feature compatibility, Security limitations
