CERTIFIED-IN-CYBERSECURITY · Question #123
CERTIFIED-IN-CYBERSECURITY Question #123: Real Exam Question with Answer & Explanation
The correct answer is B: IPv6's NAT implementation is insecure. IPv6 does not include network address translation (NAT), since many IP addresses are available. As a result, there is no NAT implementation, and so IPv6 can't actually have an insecure version. Rules based on static IPv6 addresses may not work, since IPv6 addresses are often dyna
Question
Which of these statements about the security implications of IPv6 is NOT true? ()
Options
- ARules based on static IPv6 addresses may not work
- BIPv6's NAT implementation is insecure
- CIPv6 traffic may bypass existing security controls
- DIPv6 reputation services may not be mature and useful
Explanation
IPv6 does not include network address translation (NAT), since many IP addresses are available. As a result, there is no NAT implementation, and so IPv6 can't actually have an insecure version. Rules based on static IPv6 addresses may not work, since IPv6 addresses are often dynamically assigned. Thus, certain security controls that rely on static address rules (such as firewalls or access controls) may not work in all cases. Reputation services are still relatively rare, and also somewhat less useful for IPv6 traffic. Finally, an organization needs to configure its security controls to handle IPv6 traffic adequately; otherwise, IPv6 traffic may bypass many existing IPv4 security tools (see ISC2 Study Guide, chapter 4, module 3).
Topics
Community Discussion
No community discussion yet for this question.