300-730 Question #97: Real Exam Question with Answer & Explanation
The correct answer is B: to maintain encryption policies. The GETVPN key server centrally maintains group encryption policies and distributes keys to authenticated group members, ensuring consistent security across the group.
Question
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
Options
- A. to download encryption keys
- B. to maintain encryption policies
- C. to distribute routing information
- D. to encrypt data traffic
- E. to authenticate group members
Explanation
The GETVPN key server centrally maintains group encryption policies and distributes keys to authenticated group members, ensuring consistent security across the group.
Common mistakes.
- A. Downloading encryption keys is the role of the group member, which registers with the key server to receive the TEK and KEK - the key server distributes rather than downloads keys.
- C. GETVPN does not manage or distribute routing information; routing is handled independently by the underlying WAN infrastructure and is outside the scope of the key server.
- D. The key server does not participate in data-plane encryption; group members perform all data traffic encryption themselves using the keys and policies received from the key server.
- E. While group member authentication occurs during the GETVPN registration process, it functions as a prerequisite mechanism supporting policy and key distribution rather than a standalone independent purpose of the key server.
Concept tested. Cisco IOS GETVPN key server roles and responsibilities