nerdexam
Cisco

400-007 · Question #464

An organization is working on a design solution for a new Internet-based remote access virtual private network that has 1000 remote sites. A network administrator recommends GETVPN as the model. What

The correct answer is D. GETVPN key servers would be on public, hacker-reachable space and need higher security.. GETVPN is designed for private WANs, not Internet-based remote access. In an Internet-based VPN with 1000 remote sites, the key servers would be exposed in public address space, making them reachable by attackers and requiring much stronger security controls.

Designing Security

Question

An organization is working on a design solution for a new Internet-based remote access virtual private network that has 1000 remote sites. A network administrator recommends GETVPN as the model. What is a potential problem of using GETVPN in this situation?

Options

  • AGETVPN requires a high level of background traffic to maintain its IPsec SAs.
  • BGETVPN and DMVPN do not interoperate.
  • CGETVPN is not scalable to a large number of remote sites.
  • DGETVPN key servers would be on public, hacker-reachable space and need higher security.

How the community answered

(46 responses)
  • A
    13% (6)
  • B
    7% (3)
  • C
    4% (2)
  • D
    76% (35)

Explanation

GETVPN is designed for private WANs, not Internet-based remote access. In an Internet-based VPN with 1000 remote sites, the key servers would be exposed in public address space, making them reachable by attackers and requiring much stronger security controls.

Topics

#GETVPN#IPsec VPN#key server#Internet VPN design

Community Discussion

No community discussion yet for this question.

Full 400-007 Practice