200-301 Question #987: Real Exam Question with Answer & Explanation

The correct answer is D: tunnel. IPsec Tunnel vs. Transport Mode In order to authenticate data packets and guarantee their integrity, IPsec includes two protocols. These are the AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload) protocol. Both protocols, in turn, support two encapsu

Submitted by luis.pe· Mar 5, 2026

Question

Which IPsec transport mode encrypts the IP header and the payload?

Options

Apipe
Bcontrol
Ctransport
Dtunnel

Explanation

IPsec Tunnel vs. Transport Mode In order to authenticate data packets and guarantee their integrity, IPsec includes two protocols. These are the AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload) protocol. Both protocols, in turn, support two encapsulation modes - tunnel mode and transport mode. Let’s break down their core differences. In tunnel mode, the entire original IP packet is encapsulated to become the payload of a new IP packet. Additionally, a new IP header is added on top of the original IP packet. Since a new packet is created using the original information, tunnel mode is useful for protecting traffic between different networks. The main difference in transport mode is that it retains the original IP header. In other words, payload data transmitted within the original IP packet is protected, but not the IP header.

Topics

#IPsec#IPsec modes#Tunnel mode#Data encryption

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions