312-50V11 · Question #298
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimi
The correct answer is C. IPSec. IPSec is the correct remote access VPN protocol choice for preventing man-in-the-middle attacks because it provides both authenticated key exchange and encrypted tunneling.
Question
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?
Options
- ASSL
- BMutual authentication
- CIPSec
- DStatic IP addresses
How the community answered
(35 responses)- A9% (3)
- B3% (1)
- C77% (27)
- D11% (4)
Why each option
IPSec is the correct remote access VPN protocol choice for preventing man-in-the-middle attacks because it provides both authenticated key exchange and encrypted tunneling.
SSL protects data in transit but in a basic deployment does not inherently require the client to authenticate to the server, leaving the session vulnerable to a MITM attack if certificate validation is not strictly enforced.
Mutual authentication is a feature or technique, not a deployable remote access solution on its own - it does not provide the encryption or tunneling necessary to protect the full session.
IPSec uses the Internet Key Exchange (IKE) protocol to perform mutual authentication and establish a shared secret before any data is transmitted, ensuring both endpoints are verified. It then encrypts and integrity-protects all traffic inside the tunnel using ESP or AH, preventing an attacker from intercepting or modifying data in transit. This combination of mutual authentication and encryption makes IPSec a complete, MITM-resistant remote access solution.
Static IP addresses are a network configuration parameter and provide no cryptographic protection or identity verification, doing nothing to prevent a MITM attack.
Concept tested: IPSec VPN remote access and MITM prevention
Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/about-ipsec
Topics
Community Discussion
No community discussion yet for this question.