312-50V9 · Question #393
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
The correct answer is C. ESP transport mode. ESP (Encapsulating Security Payload) transport mode provides data confidentiality through encryption for host-to-host communication within the same LAN.
Question
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
Options
- AAH Tunnel mode
- BAH promiscuous
- CESP transport mode
- DESP confidential
How the community answered
(31 responses)- A10% (3)
- B16% (5)
- C71% (22)
- D3% (1)
Why each option
ESP (Encapsulating Security Payload) transport mode provides data confidentiality through encryption for host-to-host communication within the same LAN.
AH (Authentication Header) tunnel mode provides integrity and anti-replay protection but offers no encryption, so it cannot protect data confidentiality.
AH promiscuous is not a valid or recognized IPSec mode - promiscuous is a network interface mode, not an IPSec configuration.
ESP is the only IPSec protocol that provides encryption, which directly addresses confidentiality requirements. Transport mode encrypts only the payload of the IP packet while preserving the original IP header, making it ideal for securing traffic between two hosts on the same LAN. AH provides only integrity and authentication, not encryption, so it cannot ensure confidentiality.
ESP confidential is not a valid IPSec mode designation - the correct modes for ESP are transport and tunnel.
Concept tested: IPSec ESP transport mode for LAN confidentiality
Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/ipsec/ipsec-overview
Topics
Community Discussion
No community discussion yet for this question.