Implementing Cisco SD-WAN Solutions (ENSDWI) — Question 371

Which two features are not supported when FIPS mode is enabled on a Cisco IOS XE SD-WAN device? (Choose two.)

Answer options

• A. SXP reflectors
• B. SXP over IPv6
• C. Cisco TrustSec
• D. Static IP-SGT mapping
• E. РАС Authentication Key

Correct answer: C, E

Explanation

Cisco TrustSec and РАС Authentication Key are not compatible with FIPS mode due to the stricter security standards that FIPS enforces, which restrict certain cryptographic methods. The other options, such as SXP reflectors and SXP over IPv6, continue to function normally under FIPS mode.