(ISC)2(ISC)2
SSCP · Question #1053
SSCP Question #1053: Real Exam Question with Answer & Explanation
The correct answer is D: Works only with Secret Key Cryptography. IPSec supports both symmetric (secret key) and asymmetric (public key) cryptography for different phases of its operation, therefore it does not work only with secret key cryptography.
Submitted by khalil_dz· Apr 18, 2026Network and Communications Security
Question
All following observations about IPSec are correct except:
Options
- ADefault Hashing protocols are HMAC-MD5 or HMAC-SHA-1
- BDefault Encryption protocol is Cipher Block Chaining mode DES, but other
- CSupport two communication modes - Tunnel mode and Transport mode
- DWorks only with Secret Key Cryptography
Explanation
IPSec supports both symmetric (secret key) and asymmetric (public key) cryptography for different phases of its operation, therefore it does not work only with secret key cryptography.
Common mistakes.
- A. HMAC-MD5 and HMAC-SHA-1 are indeed commonly used and default hashing algorithms for IPSec for data integrity and authentication.
- B. DES (in CBC mode) was a common default or supported encryption algorithm for IPSec, although more robust algorithms like AES are now preferred and widely supported. The 'but other' implies flexibility.
- C. IPSec explicitly supports two primary communication modes: Transport mode (for end-to-end host communication) and Tunnel mode (for network-to-network or host-to-network communication via gateways).
Concept tested. IPSec cryptographic mechanisms
Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/ipsec/ipsec-architecture
Topics
#IPSec#Network Security Protocols#Symmetric Cryptography#Asymmetric Cryptography
Community Discussion
No community discussion yet for this question.