A security architect must establish a permanent, encrypted site-to-site link between company headquarters and a remote branch across the public Internet. Which of the following components MUST be deployed at BOTH locations to terminate the tunnel and perform the necessary encryption and decryption operations?
VPN-capable gateway device (firewall, router, or concentrator)
Standalone Network Time Protocol (NTP) stratum-1 server
A site-to-site VPN relies on a VPN-capable gateway-such as a firewall, router, or dedicated concentrator-at each end of the connection. These devices negotiate the tunnel (e.g., with IKE/IPsec), encrypt outbound traffic, and decrypt inbound traffic. Without a capable gateway at both the headquarters and the branch, a secure tunnel cannot be established or maintained; components like switches, NTP servers, or e-mail relays do not provide this functionality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of IPsec in site-to-site VPN encryption?
Open an interactive chat with Bash
How is a VPN concentrator different from a traditional router?
Open an interactive chat with Bash
Why are compliance standards like HIPAA and GDPR relevant to encrypted site-to-site communications?