CompTIA Security Exam Practice Questions Sample SY0 501 Q539

An organization has implemented an IPSec VPN access for remote users.
Which of the following IPSec modes would be the MOST secure for this organization to implement?

A. Tunnel mode
B. Transport mode
C. AH-only mode
D. ESP-only mode

Correct Answer: A

Explanation:
In both ESP and AH cases with IPSec Transport mode, the IP header is exposed. The IP header is not exposed in IPSec Tunnel mode.