CompTIA Security+ (SY0-501) — Question 954

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection.
Which of the following AES modes of operation would meet this integrity-only requirement?

Answer options

• A. HMAC
• B. PCBC
• C. CBC
• D. GCM
• E. CFB

Correct answer: A

Explanation

HMAC is a mechanism that provides message integrity and authentication but does not encrypt the data, fulfilling the integrity-only requirement. The other options, such as CBC, GCM, and CFB, are modes that include encryption for confidentiality, which does not meet the specified need for integrity without confidentiality.