PrepAway - Latest Free Exam Questions & Answers


What IPSec mode is used to encrypt traffic between client and server vpn endpoints?


A. tunnel

B. Trunk

C. Aggregated

D. Quick

E. Transport

Explanation:
BD
16.02.2017
@Tullipp on securitytut.com commented:
“The IPSEC Mode question did come up. It has been very badly worded in the dumps and I knew it can't be right.
The question that comes in the exam is “between client and server vpn endpoints”.
So the keyword here is vpn endpoints. Not the end points like it's worded in the dumps.
So the answer is transport mode.”

+ IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.
+ IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode encrypts only the data portion (payload) of each packet and leaves the packet header untouched. Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.

Source: http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html

Generic Routing Encapsulation (GRE) is often deployed with IPsec for several reasons, including the following:

+ IPsec Direct Encapsulation supports unicast IP only. If network layer protocols other than IP are to be supported, an IP encapsulation method must be chosen so that those protocols can be transported in IP packets.
+ IPmc is not supported with IPsec Direct Encapsulation. IPsec was created to be a security protocol between two and only two devices, so a service such as multicast is problematic. An IPsec peer encrypts a packet so that only one other IPsec peer can successfully perform the de-encryption. IPmc is not compatible with this mode of operation.

Source: https://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008074f26a.pdf

