Exam 400-007 topic 1 question 274 discussion

D. firewall nor VRF provide data encryption. GETVPN does not support point-to-point links. IPSec tunnels support encryption over MPLS and point-to-point links.

Answer is c. GETVPN provides payload encryption without tunneling overhead, enabling rapid deployment and efficient traffic isolation over MPLS providers.

The requirement is for end-to-end production traffic encryption, hence all the links. C covers only MPLS links.

D. IPsec point-to-point tunnels over the MPLS and point-to-point links provide an isolated and encrypted packet end-to-end. Here's why: * IPsec: This is a well-established standard for providing secure, encrypted communication over IP networks. It offers a variety of modes (transport, tunnel) and algorithms to meet different security needs. * Point-to-point tunnels: Creating point-to-point tunnels between production units and marketing departments ensures that traffic remains isolated and encrypted throughout its journey, even over the MPLS network. * Quick rollout: IPsec is widely supported by network devices, making it relatively straightforward to implement and deploy. While other options might provide some level of security, they may require more complex configurations or additional hardware (for GETVPN), which could delay the rollout process. IPsec point-to-point tunnels offer a practical and efficient solution for Company XYZ to meet their security and compliance requirements.

While other options could technically work, they may involve more complexity or overhead: * A firewall does not provide end-to-end encryption. * VRF-Lite with IPsec adds more complexity and overhead, which may not be suitable for a quick rollout. * IPsec point-to-point tunnels introduce significant overhead and complexity, particularly across a large and dispersed network. Thus, GETVPN is the optimal choice for a quick and efficient implementation.