Practice Question: VPN Tunnels


Just one word on a CISSP exam question can either give you the correct answer or throw you off completely. Let's go over an example.

VPN tunnels use IKE negotiations and IPSec to create a private line of communication between two peers. Which of the following is NOT true about IPSec VPNs?

A. IPSec consists of two main protocols: Authentication Header (AH), and Encapsulating Security Payload (ESP)

B. IPSec provides confidentiality and integrity through transport layer encryption and authentication over IP networks

C. IPSec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines

D. IPSec involves encryption, hashing, and Internet Key Exchange (IKE)

The correct answer is B.

A. IPSec consists of two main protocols: Authentication Header (AH), and Encapsulating Security Payload (ESP)

  • Phase 2 of IPSec VPNs provides either AH or ESP. ESP encrypts the whole packet, while AH just provides authentication and integrity and does not encrypt the data. This is true of IPSec VPNs.

B. IPSec provides confidentiality and integrity through transport layer encryption and authentication over IP networks

  • The keyword here is "transport" layer because IPSec operates at the network layer of the OSI model. IPSec does provide confidentiality and integrity, but does so using the network layer, the main clue being "IP", which operates at the network layer.

C. IPSec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines

  • Diffie-Hellman is a key exchange protocol used to exchange keys between two parties over a public communication medium.

D. IPSec involves encryption, hashing, and Internet Key Exchange (IKE)

  • IPSec totally involves encryption for confidentiality, hashing for integrity, and IKE for establishing a security association.
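
To make the point in option B concrete, here is an added example (not from the original post) that parses constructed IPv4 packets and shows ESP and AH riding directly on IP as protocol numbers 50 and 51, with no TCP or UDP header in between. The addresses, SPI values and function names are assumptions made up for the illustration.

```python
import struct

# IANA-assigned values of the IPv4 header's Protocol field.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version/IHL, DSCP, total length
        0, 0,                         # identification, flags/fragment offset
        64, proto, 0,                 # TTL, protocol, checksum (not computed)
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]),
    )
    return header + payload

def classify(packet: bytes) -> dict:
    """Report what rides directly on IP and, for IPsec, its SPI and sequence number."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    proto, body = packet[9], packet[ihl:]
    info = {"protocol": IP_PROTOCOLS.get(proto, str(proto)), "ipsec": proto in (50, 51)}
    if proto == 50 and len(body) >= 8:
        # ESP exposes only SPI (4 bytes) and sequence number (4 bytes) in the clear.
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
        info["payload_visible"] = False
    elif proto == 51 and len(body) >= 12:
        # AH: next header, length, reserved, SPI, sequence number, then the ICV.
        nxt, _len, _rsv, info["spi"], info["seq"] = struct.unpack("!BBHII", body[:12])
        info["next_header"] = IP_PROTOCOLS.get(nxt, str(nxt))
        info["payload_visible"] = True  # AH authenticates but does not encrypt
    return info

# Constructed samples: zero bytes stand in for ciphertext, the ICV and a TCP header.
ESP_PKT = build_ipv4(50, struct.pack("!II", 0x1001, 1) + bytes(16))
AH_PKT = build_ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x2002, 7) + bytes(12) + bytes(20))
TCP_PKT = build_ipv4(6, bytes(20))

if __name__ == "__main__":
    for pkt in (ESP_PKT, AH_PKT, TCP_PKT):
        print(classify(pkt))
```
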

Some of these concepts may be too advanced for the CISSP exam, but it is good to know the actual operation. I get it though, it's hard to understand without some hands-on direct security experience, but if you keep reading about it over and over again and watch videos, it all starts to click.

For more practice questions, videos, study notes, and membership to the Telegram group, become a member:

https://www.studynotesandtheory.com/signup

© 2013 Study Notes and Theory