SSCP Question #1002: Real Exam Question with Answer & Explanation

The correct answer is B: Works at the Transport layer of the OSI model. IPSec Tunnel mode operates at the Network layer (Layer 3) of the OSI model, not the Transport layer (Layer 4). This is what makes the statement in option B false. In Tunnel mode, the entire original IP packet is encapsulated inside a new IP packet with a new outer header, resulti

Submitted by kevin_r· Apr 18, 2026Network and Communications Security

Question

Which of the following is NOT true about IPSec Tunnel mode?

Options

AFundamentally an IP tunnel with encryption and authentication
BWorks at the Transport layer of the OSI model
CHave two sets of IP headers
DEstablished for gateway service

Explanation

IPSec Tunnel mode operates at the Network layer (Layer 3) of the OSI model, not the Transport layer (Layer 4). This is what makes the statement in option B false. In Tunnel mode, the entire original IP packet is encapsulated inside a new IP packet with a new outer header, resulting in two sets of IP headers (C)-making it fundamentally an IP tunnel with encryption and authentication (A). It is commonly used for gateway-to-gateway VPNs (D), where traffic between two networks is encrypted across an untrusted network like the internet. IPSec Transport mode, by contrast, only encrypts the payload and is used for host-to-host communication.

Topics

#IPSec#Tunnel Mode#OSI Model#Network Protocols

Community Discussion

No community discussion yet for this question.

Full SSCP Practice Browse All SSCP Questions