nerdexam
(ISC)2

CISSP · Question #866

What type of encryption is used to protect sensitive data in transit over a network?

The correct answer is A. Payload encryption and transport encryption. Protecting data in transit over a network requires encryption at multiple layers, including both the payload and the transport channel itself.

Submitted by viktor_hu· Mar 5, 2026Communication and Network Security

Question

What type of encryption is used to protect sensitive data in transit over a network?

Options

  • APayload encryption and transport encryption
  • BAuthentication Headers (AH)
  • CKeyed-Hashing for Message Authentication
  • DPoint-to-Point Encryption (P2PE)

How the community answered

(29 responses)
  • A
    79% (23)
  • B
    3% (1)
  • C
    3% (1)
  • D
    14% (4)

Why each option

Protecting data in transit over a network requires encryption at multiple layers, including both the payload and the transport channel itself.

APayload encryption and transport encryptionCorrect

Payload encryption protects the actual data content (e.g., via protocols like IPsec ESP or TLS record layer), while transport encryption secures the communication channel itself (e.g., TLS/SSL handshake). Together, these two forms of encryption comprehensively protect sensitive data as it traverses a network, addressing both the data and the path it travels.

BAuthentication Headers (AH)

Authentication Headers (AH) is an IPsec protocol that provides data integrity and authentication but does NOT provide encryption of the data payload, making it insufficient for protecting sensitive data confidentiality in transit.

CKeyed-Hashing for Message Authentication

Keyed-Hashing for Message Authentication (HMAC) is a mechanism for verifying data integrity and authenticity using a hash function combined with a secret key, but it does not encrypt data and therefore does not protect confidentiality of data in transit.

DPoint-to-Point Encryption (P2PE)

Point-to-Point Encryption (P2PE) is a specific standard used primarily in payment card industry (PCI) environments to encrypt cardholder data from the point of interaction to a secure decryption environment, and is not a general-purpose network transit encryption type.

Concept tested: Types of encryption protecting data in transit

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

Topics

#data in transit encryption#transport encryption#payload encryption#network security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice