CCDE: Cisco Certified Design Expert (Practical) — Question 215
Company XYZ has multiple production units and marketing departments across the region. The current network is a mixture of point-to-point links and MPLS Layer 3 VPN service from the provider. The Info-Sec team has suggested isolating production traffic end-to-end with encryption over the transport network to comply with the HIPAA standard. Which solution must be used in their design if Company XYZ wants a quick rollout?
Answer options
- A. A firewall can be placed centrally to filter out the traffic based on required ports.
- B. VRF-Lite can be implemented toward the downstream network and VRF-based tunnels combined with IPsec can be implemented over the service provider.
- C. GETVPN can be implemented over the MPLS provider, which provides payload encryption without the overhead of tunnelling.
- D. IPsec point-to-point tunnels over the MPLS and point-to-point links provide an isolated and encrypted packet end-to-end.
Correct answer: C
Explanation
GETVPN is the correct choice because it allows for payload encryption without adding the overhead associated with tunneling, which is ideal for quick deployment. The other options may involve more complexity or additional infrastructure, making them less suitable for rapid implementation under the given requirements.