CCNA: Cisco Certified Network Associate — Question 1166

Which factor must be considered during the implementation of an IPsec VPN?

Answer options

• A. In IPsec tunnel mode, the entire original IP datagram is encrypted.
• B. IPsec transport mode increases GRE tunnel security over tunnel mode.
• C. In IPsec tunnel mode, only the IP payload is encrypted.
• D. IPsec transport mode leaves the Layer 4 header unencrypted for inspection.

Correct answer: A

Explanation

The correct answer is A because in IPsec tunnel mode, the whole original IP datagram, including headers, is encrypted for confidentiality. Options B and C are incorrect as they misrepresent how IPsec operates; B inaccurately states that transport mode enhances GRE security, while C incorrectly claims that only the payload is encrypted in tunnel mode. Option D is also wrong since IPsec transport mode does not specifically leave the Layer 4 header unencrypted for inspection.