CompTIA Security+ (SY0-601) — Question 478

A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

Answer options

• A. AH
• B. EDR
• C. ESP
• D. DNSSEC

Correct answer: C

Explanation

The correct answer is C, ESP, as it provides encryption, data integrity, authentication, and anti-replay protection for VPN tunnels. Option A, AH, only offers integrity and authentication but lacks encryption, while B, EDR, and D, DNSSEC, are not relevant to IPSec VPN configurations.