300-730 Question #134: Real Exam Question with Answer & Explanation

The correct answer is A: RSA key. A Cisco IOS GETVPN key server requires an RSA key pair to sign and distribute group policy via the GDOI protocol to registered group members.

Secure Communications Architectures

Question

Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)

Options

  • A. RSA key
  • B. IKE policy
  • C. SSL cipher
  • D. GRE tunnel
  • E. L2TP protocol

Explanation

A Cisco IOS GETVPN key server requires an RSA key pair to sign and distribute group policy via the GDOI protocol to registered group members.

Common mistakes.

  • B. Although IKE is involved in the GETVPN registration phase, a discrete IKE policy entry is not the primary key-server-specific component being tested here - the RSA key is what uniquely defines the key server's signing and authentication capability.
  • C. SSL ciphers belong to TLS-based VPN solutions such as Cisco AnyConnect SSL VPN and have no role in GETVPN, which relies on IPsec and the GDOI key management protocol.
  • D. GRE tunnels are a component of DMVPN architectures; GETVPN is a tunnel-less solution that preserves the original IP header and does not encapsulate traffic in GRE.
  • E. L2TP is a Layer 2 tunneling protocol used in remote access dial-up or broadband VPN scenarios and plays no part in GETVPN's group-based IPsec key management architecture.

Concept tested. GETVPN key server RSA key requirement

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-16/sec-get-vpn-xe-16-book/sec-get-vpn.html

Topics

#GETVPN, #key server, #RSA key, #IKE policy
