CCDE: Cisco Certified Design Expert (Practical) — Question 222

A network hacker is trying to interrupt the transport packet on IPSEC. A packet with duplicate sequence numbers is introduced. The customer sends high-priority traffic during this window. Which design parameter should be considered to mitigate this issue?

Answer options

• A. Classify and Mark duplicate sequence packets.
• B. Apply anti-replay window 4096.
• C. Restrict keywork in IPSEC Tunnel.
• D. Increase QoS shape policy.

Correct answer: B

Explanation

The correct answer is B, as applying an anti-replay window helps prevent the acceptance of packets with duplicate sequence numbers, thereby safeguarding the integrity of the communication. Options A and C do not directly address the issue of replay attacks, while option D focuses on traffic shaping rather than securing the packets themselves.