nerdexam
EC-Council

312-50V9 · Question #71

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimi

The correct answer is C. IPSec. IPSec is the appropriate protocol to deploy a secure remote access VPN that mitigates man-in-the-middle attacks through mutual authentication and encrypted tunneling.

Cryptography

Question

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?

Options

  • ASSL
  • BMutual authentication
  • CIPSec
  • DStatic IP addresses

How the community answered

(34 responses)
  • A
    9% (3)
  • B
    18% (6)
  • C
    71% (24)
  • D
    3% (1)

Why each option

IPSec is the appropriate protocol to deploy a secure remote access VPN that mitigates man-in-the-middle attacks through mutual authentication and encrypted tunneling.

ASSL

SSL/TLS encrypts data in transit but does not inherently enforce mutual authentication - if certificate validation is not properly implemented, an attacker can still intercept traffic with a forged certificate.

BMutual authentication

Mutual authentication is a technique or property, not a deployable remote access solution; it is a feature that IPSec and other protocols implement, not a standalone protocol.

CIPSecCorrect

IPSec operates at the network layer and provides both mutual authentication and encryption via IKE (Internet Key Exchange), which prevents an attacker from impersonating either endpoint. By cryptographically verifying both communicating parties and encrypting all traffic, IPSec makes it infeasible for a man-in-the-middle attacker to intercept or tamper with the communication. It is the standard protocol used in secure remote access VPN solutions.

DStatic IP addresses

Static IP addresses are a network configuration detail that provide no cryptographic protection against man-in-the-middle attacks.

Concept tested: IPSec VPN mutual authentication for MITM prevention

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-16/sec-sec-for-vpns-with-ipsec-xe-16-book/sec-cfg-vpn-ipsec.html

Topics

#man-in-the-middle#mutual authentication#IPSec#remote access

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice