CompTIA Network+ (N10-008) — Question 709
A network engineer wants to establish a site-to-site VPN tunnel using a protocol that allows for both data confidentiality and authentication. Which of the following is the best choice?
Answer options
- A. IKE
- B. AH
- C. ESP
- D. IPSec
Correct answer: C
Explanation
The best choice is ESP (Encapsulating Security Payload) because it provides both data confidentiality through encryption and authentication to ensure data integrity. IKE (Internet Key Exchange) is used for key management, while AH (Authentication Header) only offers authentication without encryption, and IPSec is a framework that includes both AH and ESP but does not specify a single protocol.