Which mode of IPsec provides security and confidentiality of data transmitted within a local area network?

Multiple Choice

Explanation:
This question tests understanding of how IPsec modes provide security inside a local area network. Encapsulating Security Payload (ESP) is the part of IPsec that delivers encryption (confidentiality) and can also provide integrity/authentication. It can operate in two modes: transport mode and tunnel mode.

In transport mode, ESP encrypts only the payload of the IP packet while leaving the original IP header exposed. This preserves the original addressing and is suitable for host-to-host communication within the same network, giving confidentiality for the data being transmitted between those hosts. This makes it the right choice for securing data inside a LAN where the endpoints are hosts on the same network.

ESP tunnel mode, by contrast, encrypts the entire original packet and wraps it inside a new IP header. This is typically used for gateway-to-gateway connections or VPNs that span networks, not for local host communications within a LAN.

AH provides authentication and integrity but not encryption, so it does not give confidentiality. IKEv2 is a key exchange protocol used to set up IPsec associations, not a mode that itself secures data.

So, the mode that provides security and confidentiality of data transmitted within a local area network is ESP in transport mode.
