CompTIA Security+ (SY0-501) — Question 615

An organization has implemented an IPSec VPN access for remote users.
Which of the following IPSec modes would be the MOST secure for this organization to implement?

Answer options

• A. Tunnel mode
• B. Transport mode
• C. AH-only mode
• D. ESP-only mode

Correct answer: A

Explanation

Tunnel mode is the most secure option because it encrypts both the payload and the header, providing a higher level of security for VPN connections. In contrast, Transport mode only encrypts the payload, leaving the header exposed, while AH-only and ESP-only modes do not provide the same level of comprehensive protection.