Designing Cisco Network Service Architectures (ARCH, legacy) — Question 61
A company has a regulatory requirement that all connections between its sites must be encrypted in a manner that does not require maintenance of permanent tunnels. The remote offices are connected by a private MPLS-based service that requires a dynamically changing key, spoke-to-spoke communication, and reuse of the existing IP header. Which type of transport encryption must be used?
Answer options
- A. GRE VPN
- B. DMVPN
- C. GETVPN
- D. standard IPsec VPN
Correct answer: B
Explanation
DMVPN is specifically designed to facilitate dynamic key management and spoke-to-spoke communication without the need for permanent tunnels, making it the correct choice for this scenario. GRE VPN does not offer the encryption this requirement calls for. GETVPN is better suited to scenarios where a constant connection is needed. Standard IPsec VPN typically requires established tunnels, which contradicts the requirement.