CISSP PRACTICE QUESTIONS – 20210615

Effective CISSP Questions

An IP packet can be divided into two parts: the header and the payload. IPsec encapsulates IP packets in transport mode and tunnel mode and protects them through AH and ESP. AH supports authenticity only, while ESP, a mandatory requirement in IPsec implementation, supports confidentiality and authenticity. Which of the following is incorrect? (Wentz QOTD)
A. AH in the transport mode authenticates the IP packet
B. AH in the tunnel mode authenticates the new IP packet
C. ESP in the transport mode encrypts and authenticates the IP payload
D. ESP in the tunnel mode encrypts and authenticates the new IP packet

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. ESP in the tunnel mode encrypts and authenticates the new IP packet.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

IPSec Protocols and Modes

ESP in the tunnel mode encrypts and authenticates the IP payload of the new IP packet, not the new IP packet itself: the ESP integrity check value covers the ESP header and the encrypted payload, but not the outer IP header in front of it. AH authenticates the “IP packet,” while ESP encrypts and authenticates the “IP payload.” The IPsec tunnel mode, whether using AH or ESP, creates a new IP packet, so the original IP packet becomes its “payload.”
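The following is an added illustration, not part of the original post, that models which bytes each protocol/mode combination in the four options covers. All packet bytes, the key and the names (ORIG_HEADER, NEW_HEADER, encapsulate, outer_header_covered) are constructed for the demonstration; the ICV is a real HMAC-SHA256, while "encryption" is only recorded as a region, and the whole IP header is treated as immutable (real AH zeroes mutable fields such as TTL before computing the ICV).

```python
import hmac
import hashlib

# Constructed sample values for the demonstration, not from any real capture.
KEY = b"constructed-demo-key"
ORIG_HEADER = b"IP[src=10.0.0.1 dst=10.0.0.2]"  # original (inner) IP header
ORIG_PAYLOAD = b"TCP[dst port 443, data]"      # original IP payload
NEW_HEADER = b"IP[src=gw-a dst=gw-b]"          # new (outer) header added in tunnel mode


def icv(data: bytes, key: bytes = KEY) -> bytes:
    """Integrity check value: HMAC-SHA256 over the authenticated region."""
    return hmac.new(key, data, hashlib.sha256).digest()


def encapsulate(protocol: str, mode: str) -> dict:
    """Model what AH/ESP protect in transport and tunnel mode.

    Returns a dict with:
      outer_header  - the IP header routers see on the wire
      encrypted     - bytes ESP would encrypt (empty for AH)
      authenticated - bytes the ICV is computed over
      icv           - the ICV itself
    Simplification (assumption): the whole IP header counts as immutable,
    so AH's ICV covers all of it.
    """
    if mode == "transport":
        outer, payload = ORIG_HEADER, ORIG_PAYLOAD
    elif mode == "tunnel":
        # Tunnel mode wraps the whole original packet as the new payload.
        outer, payload = NEW_HEADER, ORIG_HEADER + ORIG_PAYLOAD
    else:
        raise ValueError(f"unknown mode {mode!r}")

    if protocol == "AH":
        # AH authenticates the IP packet: IP header + AH header + payload.
        authenticated = outer + b"AH" + payload
        encrypted = b""
    elif protocol == "ESP":
        # ESP encrypts the IP payload and authenticates ESP header + payload;
        # the IP header in front of ESP is not covered by the ICV.
        encrypted = payload
        authenticated = b"ESP" + payload
    else:
        raise ValueError(f"unknown protocol {protocol!r}")

    return {
        "outer_header": outer,
        "encrypted": encrypted,
        "authenticated": authenticated,
        "icv": icv(authenticated),
    }


def outer_header_covered(protocol: str, mode: str) -> bool:
    """True if a change to the outer IP header would invalidate the ICV."""
    pkt = encapsulate(protocol, mode)
    return pkt["authenticated"].startswith(pkt["outer_header"])


def verify(pkt: dict, key: bytes = KEY) -> bool:
    """Receiver-side ICV check over the authenticated region."""
    return hmac.compare_digest(icv(pkt["authenticated"], key), pkt["icv"])


def coverage_table() -> dict:
    """One row per answer option: what is encrypted, and whether the
    packet that carries the IPsec header is authenticated as a whole."""
    table = {}
    for protocol in ("AH", "ESP"):
        for mode in ("transport", "tunnel"):
            pkt = encapsulate(protocol, mode)
            table[(protocol, mode)] = {
                "encrypts": pkt["encrypted"],
                "authenticates_outer_header": outer_header_covered(protocol, mode),
                "icv_ok": verify(pkt),
            }
    return table


if __name__ == "__main__":
    for (protocol, mode), row in coverage_table().items():
        print(f"{protocol:3} {mode:9} encrypts={row['encrypts']!r} "
              f"outer header authenticated={row['authenticates_outer_header']}")
```

Running it shows that only the two AH rows report the outer header as authenticated; in ESP tunnel mode the new header sits outside the ICV, which is the reason option D is the incorrect statement.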

An IP packet can be divided into two parts: the header and the payload. IPsec encapsulates IP packets in transport mode and tunnel mode and protects them through AH and ESP. AH supports integrity only, while ESP, a mandatory requirement in IPsec implementations, supports confidentiality and integrity. Which of the following is incorrect? (Wentz QOTD)
A. AH in transport mode authenticates the IP packet
B. AH in tunnel mode authenticates the new IP packet
C. ESP in transport mode encrypts and authenticates the IP payload
D. ESP in tunnel mode encrypts and authenticates the new IP packet
