nerdexam
ExamsSY0-301Questions#435
CompTIA

SY0-301 · Question #435

SY0-301 Question #435: Real Exam Question with Answer & Explanation

The correct answer is C: IPSec VPN tunnels on top of the MPLS link.. IPSec VPN tunnels add cryptographic confidentiality and integrity on top of an MPLS link, which provides only logical isolation but no encryption by default.

Question

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

Options

  • AMPLS should be run in IPVPN mode.
  • BSSL/TLS for all application flows.
  • CIPSec VPN tunnels on top of the MPLS link.
  • DHTTPS and SSH for all application flows.

Explanation

IPSec VPN tunnels add cryptographic confidentiality and integrity on top of an MPLS link, which provides only logical isolation but no encryption by default.

Common mistakes.

  • A. MPLS IPVPN mode still relies on provider-level logical separation with no encryption, meaning the carrier or a compromised MPLS node can still read traffic in plaintext.
  • B. SSL/TLS only protects specific application flows that implement it, leaving other protocols and data flows unprotected across the link.
  • D. HTTPS and SSH protect only specific application-layer protocols and do not provide blanket encryption for all data traversing the MPLS link, leaving gaps for other traffic types.

Concept tested. IPSec over MPLS for confidentiality and integrity

Reference. https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/network/4-1/user/guide/CiscoPrimeNetwork-4-1-UserGuide/mpls-vpn.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice