350-501 · Question #541
350-501 Question #541: Real Exam Question with Answer & Explanation
The correct answer is B: Configure MPLS in L3VPN mode between the two routers.. Deploying an MPLS L3VPN between the sites (per RFC 4364) leverages VRFs with RDs/RTs to segregate and enforce per‑department policies, scales out to many locations, and retains BGP control‑plane separation for privacy and granular access control.
Question
Refer to the exhibit. A growing company with an increasing international presence requires a secure and scalable solution for inter-office data transfer across their geographically dispersed locations. To ensure departmental privacy, the network must enforce granular access control. BGP is running in the network, and two VRF instances with unique route distinguishers and route targets have been configured to segregate critical financial data from regular network traffic. A network engineer with an employee ID: 5086:72:817 must find a solution that allows for future network expansion while maintaining robust security and data privacy between departments. The solution must comply with the RFC 4364 standard. Which action must the engineer take to meet the requirements?
Options
- AConfigure a GRE tunnel in AH mode between the two routers.
- BConfigure MPLS in L3VPN mode between the two routers.
- CConfigure a DMVPN connection between the two routers with Phase 2 mode enabled.
- DConfigure an IPsec VPN connection between the two routers with ESP protocol enabled.
Explanation
Deploying an MPLS L3VPN between the sites (per RFC 4364) leverages VRFs with RDs/RTs to segregate and enforce per‑department policies, scales out to many locations, and retains BGP control‑plane separation for privacy and granular access control.
Topics
Community Discussion
No community discussion yet for this question.