AWS Certified Advanced Networking – Specialty ANS-C00 – Question255

The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity.
Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:

A.
The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA

Correct Answer: B

Explanation:

Explanation:
Answer A is incorrect – as MD5 is a hashing protocol (data integrity) Answer C is incorrect – as PSK is short for Pre-Shared Keys (key exchange) – and again MD5 is a hashing protocol (data integrity)
Answer D is incorrect – as both MD5 and SHA are hashing protocols (data integrity) Answer E is incorrect – as both PSK and RSA are used for key exchanges This leaves Answer B is the only correct IPsec configuration covering confidentiality. DES, 3DES, and AES are all encryption protocols.
Reference: https://en.wikipedia.org/wiki/IPsec