
352-001 Question #711: Real Exam Question with Answer & Explanation

The correct answer is A: Implement GETVPN with selective encryption only for the development traffic.

Question

An enterprise company has an audit requirement to encrypt traffic between selected development teams. Those teams are located in multiple sites across the country. They must migrate all locations to an MPLS Layer 3 VPN-based service, but this implementation must not impact the VoIP solution. The VoIP traffic to and from the call center sites must be copied to the data center servers so that it is recorded to meet another audit requirement. Which solution meets these requirements?

Options

  • A. Implement GETVPN with selective encryption only for the development traffic
  • B. Implement a DMVPN-based solution encrypting all traffic except the VoIP traffic
  • C. Implement LISP-based tunnels for the development traffic
  • D. Implement site-to-site GRE tunnels only for development traffic

Explanation

GETVPN with selective encryption is the only solution that integrates natively with MPLS L3 VPN, supports traffic-specific encryption policies to protect development traffic, and leaves VoIP unencrypted and mirrorable for recording.

Common mistakes.

  • B. DMVPN creates spoke-to-spoke overlay tunnels that alter packet headers and can disrupt MPLS-based QoS markings for VoIP, and it is not natively designed to operate within an MPLS L3 VPN service.
  • C. LISP provides location and identity separation for routing scalability but does not offer native encryption capabilities to satisfy the development traffic encryption audit requirement.
  • D. GRE tunnels alone provide no encryption, and combining them with IPsec adds significant complexity without native MPLS L3 VPN integration or selective encryption support.

Concept tested. GETVPN selective encryption over MPLS

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book.html
