350-401 Question #1013: Real Exam Question with Answer & Explanation
The correct answer is A: DTLS.
Question
Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
Options
- A. DTLS
- B. IPsec
- C. PGP
- D. HTTPS
Explanation
DTLS (Datagram Transport Layer Security) is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints because it provides secure, encrypted communication over UDP-based connections, which is ideal for the real-time, low-latency signaling required in SD-WAN control plane communications.
Why the distractors are wrong:
- IPsec (B) is used to encrypt the data plane (actual user traffic tunnels between SD-WAN endpoints), not the control plane - a common point of confusion.
- PGP (C) is an encryption standard typically used for email and file encryption, and has no role in SD-WAN architecture.
- HTTPS (D) uses TLS over TCP and may be used for management/GUI access, but it is not the protocol designated for controller-to-endpoint control plane encryption.
Memory Tip: Think "D for Directions, D for DTLS" - the control plane gives directions/instructions to endpoints, and DTLS secures those directions. Meanwhile, IPsec handles the actual data highway (data plane). Keeping "control = DTLS" and "data = IPsec" as a paired memory rule will help you avoid the most common mix-up on this topic.