Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 49

Which statement about GETVPN is true?

Answer options

• A. The configuration that defines which traffic to encrypt originates from the key server.
• B. TEK rekeys can be load-balanced between two key servers operating in COOP.
• C. The pseudotime that is used for replay checking is synchronized via NTP.
• D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Correct answer: A

Explanation

Option A is correct because in GETVPN, the key server is responsible for defining the traffic that needs to be encrypted. Options B, C, and D are incorrect; while TEK rekeys can be managed by a single key server, they do not have to be load-balanced, pseudotime synchronization is not inherently tied to NTP, and not all rekeys require acknowledgment from group members based on the configuration.