200-310 Exam Dumps | Which of the following statements regarding Cisco GET VPN are true? (Choose two.)

Valid 200-310 Dumps shared by ExamDiscuss.com for Helping Passing 200-310 Exam! ExamDiscuss.com now offer the newest 200-310 exam dumps, the ExamDiscuss.com 200-310 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-310 dumps with Test Engine here:

Access 200-310 Dumps Premium Version
(392 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 97/160

Which of the following statements regarding Cisco GET VPN are true? (Choose two.)

A. All encrypted traffic must pass through a central hub router.

B. A packet's original source and destination are not protected during transmission.

C. Tunnel setup delay introduces jitter and delay that make GET unsuitable for voice traffic.

D. Key management is not scalable, because there is no centralized key server.

E. Dynamic routing protocols that rely on multicast traffic can be used between peers.

Correct Answer: B,E

Explanation/Reference:
Section: Enterprise Network Design Explanation
Explanation:
In a Cisco Group Encrypted Transport (GET) virtual private network (VPN), a packet's original source and destination are not protected during transmission and dynamic routing protocols that rely on multicast traffic can be used between peers. GET VPN is a tunnel-less technology that provides end-to-end security for both unicast and multicast traffic. GET VPN also provides support for advanced Quality of Service (QoS) features, such as low latency connections and direct connections between sites. In a GET VPN, trusted group member routers receive security policy and authentication keys from a central key server.
These group member routers also remove the need for traditional IP Security (IPSec) overlay routing tunnels by applying the encryption to the packet, which preserves the original packet structure, including the source and destination IP addresses that are placed in the outer IP header. Removing the dependency on tunnels to protect traffic and utilizing existing routing infrastructure allows GET VPN to be highly scalable as compared to native IPSec VPNs.
Native IPSec VPNs establish a secure tunnel between two sites that are separated by an untrusted network. This tunneling is also known as overlay routing. IPSec is a security framework that can guarantee the confidentiality and integrity of data as it passes through an untrusted network. IPSec uses Encapsulating Security Protocol (ESP) to provide data confidentiality. ESP encrypts an entire IP packet and encapsulates it as the payload of a new IP packet. Because the entire IP packet is encrypted, the data payload and header information remain confidential. IPSec VPNs are not very scalable, because site-to- site peering is required. With site-to-site peering, each virtual circuit must be provisioned and, if a full mesh of circuits is not created, redundancy is sacrificed. In contrast to GET VPNs, IPSec VPN devices authenticate themselves by using a preshared key or digital certificate, not by using a centralized key management server.
Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, GETVPN, pp. 258-259
Cisco: Cisco Group Encrypted Transport VPN

Question 97/160

LEAVE A REPLY

Download PDF File