GIAC
GSLC · Question #116
GSLC Question #116: Real Exam Question with Answer & Explanation
The correct answers are B (Anti-spoofing) and C (Anti-replay).
Question
US Garments wants all data communication between the corporate office and the remote location to be encrypted. They want to achieve the following results:
- Authentication of users
- Anti-replay
- Anti-spoofing
- IP packet encryption
They implemented IPSec using Authentication Headers (AHs). Which results does this solution provide? (Click the Exhibit button on the toolbar to see the case study.) Each correct answer represents a complete solution. Choose all that apply.
Options
- A. Authentication of users
- B. Anti-spoofing
- C. Anti-replay
- D. IP packet encryption
Explanation
IPSec Authentication Header (AH) provides integrity, anti-replay, and anti-spoofing but does not encrypt the IP payload, so it satisfies anti-spoofing and anti-replay requirements but not user authentication or packet encryption.
Common mistakes.
- A. AH provides data-origin authentication at the IP packet level by verifying the source IP address, but it does not perform user-level authentication such as username/password or certificate-based identity verification for individual users.
- D. AH does not encrypt the IP payload - it only provides integrity and authentication via HMAC; encryption of IP packet contents requires IPSec ESP (Encapsulating Security Payload), not AH.
Concept tested. IPSec Authentication Header capabilities and limitations vs ESP