Practice Question: VPN Tunnels


Just one word on a CISSP exam question can either give you the correct answer or throw you off completely. Let's go over an example.

VPN tunnels use IKE negotiations and IPSec to create a private line of communication between two peers. Which of the following is NOT true about IPSec VPNs?

A. IPSec consists of two main protocols: Authentication Header (AH), and Encapsulating Security Payload (ESP)

B. IPSec provides confidentiality and integrity through transport layer encryption and authentication over IP networks

C. IPSec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines

D. IPSec involves encryption, hashing, and Internet Key Exchange (IKE)

The correct answer is B.

A. IPSec consists of two main protocols: Authentication Header (AH), and Encapsulating Security Payload (ESP)

  • Phase 2 of IPSec VPNs provides either AH or ESP. ESP encrypts the whole packet, while AH just provides authentication and integrity and does not encrypt the data. This is true of IPSec VPNs.

B. IPSec provides confidentiality and integrity through transport layer encryption and authentication over IP networks

  • The keyword here is "transport" layer, because IPSec operates at the network layer of the OSI model. IPSec does provide confidentiality and integrity, but it does so at the network layer. The main clue is "IP", which operates at the network layer.

C. IPSec uses the Diffie-Hellman (DH) protocol to establish a secure communication over communication lines

  • Diffie-Hellman is a key exchange protocol used to exchange keys between two parties over a public communication medium.

D. IPSec involves encryption, hashing, and Internet Key Exchange (IKE)

  • IPSec totally involves encryption for confidentiality, hashing for integrity, and IKE for establishing a security association.
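The layer distinction in option B and the AH/ESP difference in option A can be seen in the packet itself: ESP and AH are carried directly in the IP header's Protocol field (IANA numbers 50 and 51), beside TCP (6) and UDP (17) rather than on top of them. The following is an added example, not part of the original page; the addresses, SPIs and sequence numbers are constructed sample values.

```python
import struct

# IANA IP protocol numbers: the value of the IPv4 header's Protocol field.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def build_ipv4(protocol, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         protocol, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload


def classify(packet):
    """Report what rides directly on IP and which IPsec fields are readable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    info = {"protocol": IP_PROTOCOLS.get(proto, str(proto))}
    if proto == 50:                       # ESP (RFC 4303)
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # With ESP encryption, Next Header is in the encrypted trailer: not readable.
        info.update(spi=spi, seq=seq, next_header=None)
    elif proto == 51:                     # AH (RFC 4302)
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, _len, _rsvd, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH authenticates but does not encrypt: the inner protocol is in clear.
        info.update(spi=spi, seq=seq,
                    next_header=IP_PROTOCOLS.get(next_hdr, str(next_hdr)))
    return info


# Constructed samples: made-up SPIs and sequence numbers, with zero bytes
# standing in for ciphertext, integrity check values and the inner TCP segment.
ESP_SAMPLE = build_ipv4(50, struct.pack("!II", 0x1001, 7) + bytes(32))
AH_SAMPLE = build_ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x2002, 3) + bytes(12 + 20))
TCP_SAMPLE = build_ipv4(6, bytes(20))

if __name__ == "__main__":
    for name, pkt in [("ESP", ESP_SAMPLE), ("AH", AH_SAMPLE), ("TCP", TCP_SAMPLE)]:
        print(name, classify(pkt))
```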

Some of these concepts may be too advanced for the CISSP exam, but it is good to know the actual operation. I get it though, it's hard to understand without some hands-on direct security experience, but if you keep reading about it over and over again and watch videos, it all starts to click.
