
Practice Question: VPN Tunnels


Just one word in a CISSP exam question can either hand you the correct answer or throw you off completely. Let's go over an example.

VPN tunnels use IKE negotiations and IPsec to create a private line of communication between two peers. Which of the following is NOT true about IPsec VPNs?

A. IPsec consists of two main protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP)
B. IPsec provides confidentiality and integrity through transport layer encryption and authentication over IP networks
C. IPsec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines
D. IPsec involves encryption, hashing, and Internet Key Exchange (IKE)

The correct answer is B.

A. IPsec consists of two main protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP)

  • IKE phase 2 (Quick Mode in IKEv1, CREATE_CHILD_SA in IKEv2) negotiates the IPsec security associations, and each SA uses either AH or ESP. AH provides integrity and origin authentication: its integrity check value covers the payload and the immutable fields of the IP header, but nothing is encrypted. ESP encrypts the payload in transport mode, or the entire original IP packet in tunnel mode, and can provide integrity as well, but its integrity check value does not cover the outer IP header. So the statement is true of IPsec VPNs.

B. IPsec provides confidentiality and integrity through transport layer encryption and authentication over IP networks

  • The keyword here is "transport" layer: IPsec operates at the network layer (layer 3) of the OSI model, not the transport layer (layer 4, where TCP and UDP live). IPsec does provide confidentiality and integrity, but it does so at the network layer, the main clue being "IP". Don't let IPsec's "transport mode" trip you up either: transport and tunnel are IPsec's two modes of operation, and neither has anything to do with the transport layer.

C. IPsec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines

  • Diffie-Hellman is a key agreement protocol: it lets two parties derive a shared secret over a public communication medium without ever transmitting the secret itself. IKE runs a DH exchange to produce the keying material for the security associations. Note that DH on its own does not authenticate the peers, which is why IKE pairs it with pre-shared keys or certificates; without that, an attacker in the middle could run a separate DH exchange with each side.

D. IPsec involves encryption, hashing, and Internet Key Exchange (IKE)

  • IPsec does involve all three: encryption for confidentiality, hashing (keyed hashes, i.e. HMACs, in the integrity check value) for integrity, and IKE for authenticating the peers and establishing the security associations.
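To make the pieces in A, C and D concrete, here is a small Python walk-through added for this page (it is not code from the original post, and not a real IPsec stack): an IKE-style Diffie-Hellman agreement over the RFC 3526 group 14 prime, a reduced IKEv2-style key derivation, and then the same packet protected AH-style and ESP-style in transport mode. The 8-byte toy IP header, the sample payload, the labels in the key derivation, and the HMAC-based stream cipher standing in for AES are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import struct

# 2048-bit MODP prime, RFC 3526 group 14 (IKE DH group 14), transcribed here;
# check it against the RFC before any use beyond this illustration.
_P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P, G = int("".join(_P_HEX.split()), 16), 2
ICV_LEN = 16  # HMAC-SHA-256-128 truncation (RFC 4868)

def dh_keypair():
    """One IKE peer's ephemeral DH pair: private exponent x, public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2  # 2 <= x <= p-2
    return x, pow(G, x, P)

def dh_shared_secret(private, peer_public):
    """g^xy mod p. A peer sending 0, 1 or p-1 forces a predictable secret, so refuse them."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid DH public value")
    return pow(peer_public, private, P)

def derive_keys(shared, nonce_i, nonce_r):
    """Reduced IKEv2-style derivation (after RFC 7296 s.2.14): SKEYSEED from the
    nonces and g^ir, then separate encryption and integrity keys for the IPsec SA.
    The "enc"/"auth" labels are constructed for this illustration."""
    g_ir = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    skeyseed = hmac.new(nonce_i + nonce_r, g_ir, hashlib.sha256).digest()
    def prf(label):
        return hmac.new(skeyseed, label + nonce_i + nonce_r, hashlib.sha256).digest()
    return prf(b"enc"), prf(b"auth")

def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(auth_key, header, payload):
    """AH: integrity/origin authentication only. The ICV covers the IP header's immutable
    fields (all of our toy header) plus the payload; the payload stays in the clear."""
    return header, payload, _icv(auth_key, header + payload)

def ah_verify(auth_key, header, payload, icv):
    return hmac.compare_digest(_icv(auth_key, header + payload), icv)

def _xor_keystream(enc_key, iv, data):
    """Toy counter-mode stream from HMAC-SHA-256: a stand-in for the AES modes
    real ESP uses (AES-GCM, AES-CBC). Never use this on real traffic."""
    ks = b"".join(hmac.new(enc_key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_protect(enc_key, auth_key, header, payload, spi, seq):
    """ESP transport mode: encrypt the payload, then ICV over the ESP header (SPI,
    sequence number), IV and ciphertext. The outer IP header is NOT covered."""
    iv = secrets.token_bytes(8)
    body = struct.pack("!II", spi, seq) + iv + _xor_keystream(enc_key, iv, payload)
    return header, body + _icv(auth_key, body)

def esp_unprotect(enc_key, auth_key, header, esp):
    """Verify-then-decrypt; None means the ICV failed and the packet is dropped.
    `header` is deliberately unused: ESP gives it no integrity protection."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(_icv(auth_key, body), icv):
        return None
    return _xor_keystream(enc_key, body[8:16], body[16:])

def demo():
    """One constructed exchange; reports what each protocol does and does not protect."""
    xi, yi = dh_keypair()  # initiator
    xr, yr = dh_keypair()  # responder
    ni, nr = secrets.token_bytes(32), secrets.token_bytes(32)
    enc_key, auth_key = derive_keys(dh_shared_secret(xi, yr), ni, nr)
    assert derive_keys(dh_shared_secret(xr, yi), ni, nr) == (enc_key, auth_key)

    header = bytes([10, 0, 0, 1, 10, 0, 0, 2])    # toy IP header: src 10.0.0.1, dst 10.0.0.2
    forged = bytes([192, 0, 2, 99, 10, 0, 0, 2])  # attacker rewrites the source address
    payload = b"GET /secret HTTP/1.1\r\n"         # constructed sample payload
    h, p, icv = ah_protect(auth_key, header, payload)
    _, esp = esp_protect(enc_key, auth_key, header, payload, spi=0x1000, seq=1)
    flipped = esp[:-ICV_LEN - 1] + bytes([esp[-ICV_LEN - 1] ^ 1]) + esp[-ICV_LEN:]
    return {
        "ah_payload_readable": p == payload,
        "ah_accepts_genuine": ah_verify(auth_key, h, p, icv),
        "ah_rejects_forged_header": not ah_verify(auth_key, forged, p, icv),
        "esp_payload_hidden": payload not in esp,
        "esp_accepts_genuine": esp_unprotect(enc_key, auth_key, header, esp) == payload,
        "esp_rejects_flipped_bit": esp_unprotect(enc_key, auth_key, header, flipped) is None,
        "esp_accepts_forged_header": esp_unprotect(enc_key, auth_key, forged, esp) == payload,
    }
```

Running demo() shows the distinction the answer hinges on: AH leaves the payload readable but rejects a packet whose source address was rewritten, while ESP hides the payload and rejects a flipped ciphertext bit, yet accepts the same ESP body behind a forged header because its ICV does not cover the outer IP header. That same property is why AH breaks behind NAT (the translated addresses invalidate the ICV) while ESP, with NAT traversal, does not.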

Some of these concepts go deeper than the CISSP exam requires, but it is good to know the actual operation. I get it, though: it's hard to understand without some hands-on security experience, but if you keep reading about it and watching videos, it all starts to click.

For more practice questions, videos, study notes, and membership to the Telegram group, become a member:
