In IPsec, which mode encapsulates the entire original IP packet inside a new packet?

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

In IPsec, which mode encapsulates the entire original IP packet inside a new packet?

Explanation:
Encapsulating the entire original IP packet inside a new IP packet is the behavior of IPsec Tunnel mode. In this mode, a new outer IP header is added, and the whole original IP packet—the header and payload—is encrypted and authenticated as a unit. This lets the packet travel securely across an untrusted network from one tunnel endpoint to another, while the outer header handles routing between those endpoints. The inner header stays hidden and protected, which is ideal for site-to-site VPNs or gateway-to-gateway connections.

By contrast, Transport mode keeps the original IP header intact and only protects the payload, so the routing information in that original header remains visible. This is typically used for end-to-end protection between two hosts on a directly connected network, not for traversing multiple networks with gateways in between.

IKE is the key exchange protocol used to negotiate IPsec security associations, not a mode of encapsulation, and Hybrid mode is not a standard IPsec mode.
