CompTIA Security Plus Mock Test Q1063

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

A. MPLS should be run in IPVPN mode.
B. SSL/TLS for all application flows.
C. IPSec VPN tunnels on top of the MPLS link.
D. HTTPS and SSH for all application flows.

Correct Answer: C
Section: Cryptography

Explanation:
IPSec can very well be used with MPLS. IPSec could provide VPN tunnels on top of the MPLS link.
Internet Protocol Security (IPSec) isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec is oriented primarily toward LAN-to-LAN connections, but it can also be used with dial-up connections. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security.

Incorrect Answers:
A: MPLS tunnelling would not hide the logical MPLS link.
B: SSL/TLS could provide encryption, but not the tunnelling required for the logical isolation.
D: To provide the required logical isolation, tunnelling should be used. HTTPS and SSH cannot provide tunnelling.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 91, 103-105, 268, 271, 274, 274-275
http://www.networkworld.com/article/2297191/lan-wan/chapter-6–how-ipsec-complements-mpls.html