Which two are features of GETVPN but not DMVPN and FlexVPN?

Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)
A. sequence numbers that enable scalable replay checking CD protocol
B. no requirement for an overlay routing protocol.
C. design for use over public or private WAN.
D. enabled use of ESP or AH.
E. one IPsec SA for all encrypted traffic.


4 thoughts on “Which two are features of GETVPN but not DMVPN and FlexVPN?”

  1. E is probably right…

    GETVPN Technology Overview

    A GETVPN deployment has primarily three components: Key Server (KS), Group Member (GM), and the Group Domain of Interpretation (GDOI) protocol. GMs encrypt/decrypt the traffic, and the KS distributes the encryption key to all the group members. The KS decides on one single data encryption key for a given lifetime. Since all GMs use the same key, any GM can decrypt the traffic encrypted by any other GM. The GDOI protocol is used between the GM and KS for group key and group SA management. A minimum of one KS is required for a GETVPN deployment.

    Unlike traditional IPsec encryption solutions, GETVPN uses the concept of a group SA. All members in the GETVPN group can communicate with each other using a common encryption policy and a shared SA, and therefore there is no need to negotiate IPsec between GMs on a peer-to-peer basis, thereby reducing the resource load on the GM routers.

  2. E is not correct. It is not a single IPsec SA.

    “A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as: cryptographic algorithm and mode; traffic encryption key; and parameters for the network data to be passed over the connection.”

    Each combination will have its own SAs, but will use the same IPsec profile, authentication, and encryption.

    Nuanced word play, but each tunnel is a separate Security Association.

    B&D is more correct.
