Certified Network Defender (CND) — Question 22
The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header. What mode of ESP does Jacob need to use to encrypt the IP traffic?
Answer options
- A. Jacob should use ESP in pass-through mode.
- B. Jacob should utilize ESP in tunnel mode.
- C. He should use ESP in gateway mode.
- D. He should use ESP in transport mode.
Correct answer: B
Explanation
The correct answer is B, as tunnel mode is designed to encrypt the entire IP packet, including the original IP header, which is essential for secure transmission over potentially insecure networks. Options A and C are incorrect because pass-through and gateway modes do not provide the same level of encryption for the entire IP traffic. Option D is also incorrect since transport mode only encrypts the payload and not the IP header, which is not suitable for Jacob's requirements.