SY0-701 Question #526: Real Exam Question with Answer & Explanation

Question

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options

• AGRE
• BIPSec
• CSD-WAN
• DEAP

Explanation

IPSec is the correct choice because it is the industry-standard protocol suite specifically designed to secure IP communications by authenticating and encrypting each packet - it's the backbone of most remote access VPN implementations, providing the encrypted tunnel described in the scenario.

Why the others are wrong:

• GRE (A) creates tunnels but provides no encryption on its own - it's often paired with IPSec, but GRE alone cannot secure the connection.
• SD-WAN (C) is a network architecture/management technology for optimizing wide-area networks, not a VPN tunneling protocol.
• EAP (D) is an authentication framework (used in Wi-Fi and 802.1X), not a tunneling or encryption protocol - it handles who you are, not how the tunnel is secured.

Memory tip: Think "IPSec = I Protect Secrets" - whenever a question mentions an encrypted VPN tunnel between an endpoint agent and a network, IPSec is the protocol doing the heavy lifting. GRE tunnels but doesn't encrypt; EAP authenticates but doesn't tunnel.

No community discussion yet for this question.