Huawei Certified Network Associate – Routing and Switching (HCNA-RS, legacy) — Question 100
If AH and ESP are both required to protect data streams between IPsec peers, how many Security Associations (SAs) are required in total?
Answer options
- A. 1
- B. 2
- C. 3
- D. 4
Correct answer: D
Explanation
In IPsec, each security protocol requires its own Security Association, and an SA is unidirectional: it protects traffic in one direction only. When both AH (Authentication Header) and ESP (Encapsulating Security Payload) protect the data streams, each protocol needs one SA for inbound and one SA for outbound traffic, for a total of four SAs (two for AH and two for ESP). The correct answer is therefore D; the other options underestimate the number of SAs required.