Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 528

Which IPsec mode must be used when encrypting data over a public network between two servers with RFC1918 IP addresses?

Answer options

Correct answer: D

Explanation

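Tunnel mode is the appropriate choice because it encapsulates the entire original IP packet, including its header, inside a new packet with a new outer IP header. The servers' RFC1918 addresses are not routable on the public Internet, so the packet can only cross it when the private addresses are carried inside the protected inner packet and the outer header uses publicly routable addresses. Main mode and aggressive mode are both IKE negotiation modes that establish the connection rather than directly encrypting data. Transport mode is not suitable for communication between servers with private IP addresses over public networks, because it only encrypts the payload of the IP packet and keeps the original IP header, leaving the header and its private addresses exposed.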