Cisco
400-007 · Question #464
400-007 Question #464: Real Exam Question with Answer & Explanation
The correct answer is D: GETVPN key servers would be on public, hacker-reachable space and need higher security.
Question
An organization is working on a design solution for a new Internet-based remote access virtual private network that has 1000 remote sites. A network administrator recommends GETVPN as the model. What is a potential problem of using GETVPN in this situation?
Options
- A. GETVPN requires a high level of background traffic to maintain its IPsec SAs.
- B. GETVPN and DMVPN do not interoperate.
- C. GETVPN is not scalable to a large number of remote sites.
- D. GETVPN key servers would be on public, hacker-reachable space and need higher security.
Explanation
GETVPN is designed for private WANs, not Internet-based remote access. In an Internet-based VPN with 1000 remote sites, the key servers would be exposed in public address space, making them reachable by attackers and requiring much stronger security controls.