312-50V9 · Question #71
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimi
The correct answer is C. IPSec. IPSec is the appropriate protocol to deploy a secure remote access VPN that mitigates man-in-the-middle attacks through mutual authentication and encrypted tunneling.
Question
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?
Options
- ASSL
- BMutual authentication
- CIPSec
- DStatic IP addresses
How the community answered
(34 responses)- A9% (3)
- B18% (6)
- C71% (24)
- D3% (1)
Why each option
IPSec is the appropriate protocol to deploy a secure remote access VPN that mitigates man-in-the-middle attacks through mutual authentication and encrypted tunneling.
SSL/TLS encrypts data in transit but does not inherently enforce mutual authentication - if certificate validation is not properly implemented, an attacker can still intercept traffic with a forged certificate.
Mutual authentication is a technique or property, not a deployable remote access solution; it is a feature that IPSec and other protocols implement, not a standalone protocol.
IPSec operates at the network layer and provides both mutual authentication and encryption via IKE (Internet Key Exchange), which prevents an attacker from impersonating either endpoint. By cryptographically verifying both communicating parties and encrypting all traffic, IPSec makes it infeasible for a man-in-the-middle attacker to intercept or tamper with the communication. It is the standard protocol used in secure remote access VPN solutions.
Static IP addresses are a network configuration detail that provide no cryptographic protection against man-in-the-middle attacks.
Concept tested: IPSec VPN mutual authentication for MITM prevention
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-16/sec-sec-for-vpns-with-ipsec-xe-16-book/sec-cfg-vpn-ipsec.html
Topics
Community Discussion
No community discussion yet for this question.