nerdexam
Exams300-730Questions#220
Cisco

300-730 · Question #220

300-730 Question #220: Real Exam Question with Answer & Explanation

The correct answer is C: It provides an encryption service.. In Cisco GET-VPN, roles are split between the Key Server (KS) and Group Members (GMs). Group Members are the routers that perform the actual encryption and decryption of traffic flowing between sites.

Secure Communications Architectures

Question

What is the purpose of group members in a Cisco Group Encrypted Transport VPN architecture?

Options

  • AIt services registration requests.
  • BIt supplies group authentication keys.
  • CIt provides an encryption service.
  • DIt holds group authentication keys.

Explanation

In Cisco GET-VPN, roles are split between the Key Server (KS) and Group Members (GMs). Group Members are the routers that perform the actual encryption and decryption of traffic flowing between sites.

Common mistakes.

  • A. Servicing registration requests is the function of the Key Server, which listens for GDOI registration messages from Group Members.
  • B. Supplying group authentication keys is also a Key Server responsibility - it pushes KEK and TEK to authenticated Group Members.
  • D. Holding (storing) group authentication keys is another Key Server function, not a Group Member function.

Concept tested. GET-VPN Group Member role in architecture

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-16/sec-conn-getvpn-xe-16-book/sec-get-vpn.html

Topics

#GET VPN#group members#key server#encryption service

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice