Implementing Cisco Network Security (IINS, legacy) — Question 105

Which three statements about the IPsec ESP modes of operation are true? (Choose three.)

Answer options

• A. Tunnel mode is used between a host and a security gateway.
• B. Tunnel mode is used between two security gateways.
• C. Tunnel mode only encrypts and authenticates the data.
• D. Transport mode authenticates the IP header.
• E. Transport mode leaves the original lP header in the clear.

Correct answer: A, B, E

Explanation

The correct answers A, B, and E accurately describe the functions of Tunnel mode and Transport mode in IPsec. Tunnel mode can indeed be used between a host and a security gateway as well as between two security gateways. Additionally, Transport mode does leave the original IP header unencrypted. Option C is incorrect because Tunnel mode encrypts the entire packet, including the IP header, and option D is misleading as Transport mode does not authenticate the IP header.