Which one of the following attacks is MOST effective against an Internet Protocol Security
(IPSEC) based virtual private network (VPN)?

A.
Brute force

B.
Man-in-the-middle

C.
Traffic analysis

D.
Replay

Explanation:
Active attacks find identities by being a man-in-the-middle or by replacing the
responder in the negotiation. The attacker proceeds through the key negotiation with the attackee
until the attackee has revealed its identity. In a well-designed system, the negotiation will fail after
the attackee has revealed its identity because the attacker cannot spoof the identity of the
originally-intended system.
The attackee might then suspect that there was an attack because the other side failed before it
gave its identity. Therefore, an active attack cannot be persistent because it would prevent all
legitimate
access to the desired IPsec system.
http://msgs.securepoint.com/cgi-bin/get/ipsec-0201/18.html
Not C: Traffic analysis is a good attack but not the most effective as it is passive in nature, while
Man in the middle is active.