Exam 350-701 topic 1 question 68 discussion

IKEv2 Multi-SA The IKEv2 Multi-SA feature allows an IKEv2 Dynamic Virtual Tunnel Interface (DVTI) session on the IKEv2 responder to support multiple IPsec Security Associations (SA). The maximum number of IPsec SAs per DVTI session is either obtained from AAA authorization or configured on the IPsec profile. The value from AAA has a higher priority. Any change to the max-flow-limit argument in the IPsec profile is not applied to the current session but is applied to subsequent sessions. The IKEv2 Multi-SA feature makes the configuration of the IKEv2 profile in the IPsec profile optional. This optional configuration allows IPsec DVTI sessions using the same virtual template to have different IKEv2 profiles, thus saving the number of virtual template configurations. Note The IKEv2 Multi-SA feature allows multiple IPsec SAs that have non-any-any proxies. However, when the IPsec SA proxies are any-any, a single IPsec SA is allowed. For more information, see the “Multi-SA Support for Dynamic Virtual Tunnel Interfaces for IKEv2” module in the Security for VPNs with IPsec Configuration Guide.

Tricky question, as DMVPN can do it with sharing ipsec tunnel, so both can do it, but most logical is D....Cisco style question. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-share-ipsec-w-tun-protect.html#:~:text=Glossary%20Close-,Sharing%20IPsec%20with%20Tunnel%20Protection,results%20in%20network%20connectivity%20problems.&text=Security%20threats%20and%20the%20cryptographic,Encryption%20(NGE)%20white%20paper.

The answer is C

DMVPN can be configured with IKEv2, so answer is not C. I wasn't able to find Cisco documentation to back this up, but found this configuration example: https://journey2theccie.wordpress.com/2020/03/13/ikev1-ikev2-configuration-in-dmvpn/

Really like the comment on following link for this discussion, per say- it looks like Answer is C https://community.cisco.com/t5/network-security/what-is-the-difference-between-dmvpn-and-flexvpn/td-p/3438913

What is the difference between FlexVPN and DMVPN? IPSec: One key difference between FlexVPN and default Dynamic Multipoint VPN (DMVPN) is the protocol used for negotiating IPsec Security Associations (SAs). While DMVPN defaults to using Internet Key Exchange version 1 (IKEv1), FlexVPN utilizes IKEv2.