Site-to-site VPN SDM Lab Sim

Which one of these statements is correct in regards to Next Gen University Ipsec tunnel between its Santa Cruz main campus and its SAC remote campus?

A.
The SAC remote campus remote router is using dynamic IP address; therefore, the Santa Cruz router is using a dynamic crypto map.

B.
Dead Peer Detection (DPD) is used to monitor the Ipsec tunnel, so if there is no traffic traversing between the two sites, the Ipsec tunnel will disconnect.

C.
Tunnel mode is used; therefore, a GRE tunnel interface will be configured.

D.
Only the ESP protocol is being used; AH is not being used.

Explanation:
A is not correct because the VPN ComponentsIPSecDynamic Crypto Map group is empty -> the Santa Cruz router is not using a dynamic crypto map.

Not sure about answer B. We can find DPD information in the VPN ComponentsIKEIKE Profiles group but I am not sure if this group exists in the exam.

C is not correct as we can use Tunnel mode without a GRE tunnel.

D is correct as we can see there is no AH configured under AH Integrity column in the VPN ComponentsIPSecTransform Sets group (while in the ESP Integrity column it is ESP_SHA_HMAC).