300-420 Question #316: Real Exam Question with Answer & Explanation

Question

An engineer is designing a networking solution to allow two hosts to communicate-one host located within the company A network and the other within the company B network. The two companies have no other plans for future additional connections. Both companies want to use a single secure and encrypted internet connection, and the configuration must be as simple as possible. Which network solution must the engineer choose?

Options

• Apolicy-based IPsec tunnel with static routing
• Brouted IPsec tunnel with OSPF routing
• CMPLS VPN provided service with BGP routing
• Dsingle DMVPN with EIGRP routing

Explanation

For a simple, secure, encrypted internet connection between two companies with no future expansion plans, a policy-based IPsec tunnel with static routing is the most appropriate solution.

Common mistakes.

• B. A routed IPsec tunnel combined with OSPF routing would introduce unnecessary complexity and overhead for a simple point-to-point connection between two specific hosts with no expansion plans.
• C. An MPLS VPN provided service with BGP routing is a sophisticated and typically more expensive solution for connecting multiple sites via a service provider, which is overkill for a simple two-company connection.
• D. DMVPN is designed for dynamic, scalable hub-and-spoke or spoke-to-spoke VPNs, making it overly complex and unnecessary for a straightforward, static point-to-point connection requirement.

Concept tested. IPsec VPN design for point-to-point

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpn_ipsec/configuration/15-mt/sec-ipsec-15-mt-book/sec-ipsec-pol-based.html

No community discussion yet for this question.