300-420 Question #193: Real Exam Question with Answer & Explanation

Question

A company's security policy requires that all connections between sites be encrypted in a manner that does not require maintenance of permanent tunnels. The sites are connected through a private MPLS-based service that uses a dynamically changing key and spoke-to-spoke communication. Which type of transport encryption must be used in this environment?

Options

• AGETVPN
• BDMVPN
• CGRE VPN
• Dstandard IPsec VPN

Explanation

GETVPN (Group Encrypted Transport VPN) is a Cisco proprietary technology that provides dynamic encryption for spoke-to-spoke communication over a private MPLS network. It does not require the maintenance of permanent tunnels, and it uses dynamically changing keys. DMVPN (Dynamic Multipoint VPN) is another Cisco proprietary technology that can be used to create a VPN over a private MPLS network. However, DMVPN does require the maintenance of permanent tunnels, and it does not support dynamically changing keys. GRE VPN (Generic Routing Encapsulation VPN) is a generic VPN technology that can be used over any type of network, including a private MPLS network. However, GRE VPN does not support dynamically changing keys. Standard IPsec VPN is a generic VPN technology that can be used over any type of network, including a private MPLS network. It supports dynamically changing keys, but it requires the maintenance of permanent tunnels. Therefore, the best choice for this environment is GETVPN. It meets all of the requirements, including dynamically changing keys, spoke-to-spoke communication, and no need for permanent

No community discussion yet for this question.