CISA Certified Information Systems Auditor – Question1528 - CISA Certified Information Systems Auditor

Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

A. Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
B. Secure Sockets Layer (SSL) mode
C. Tunnel mode with AH plus ESP
D. Triple-DES encryption mode

Correct Answer: C

Explanation:

Explanation:
Tunnel mode provides protection to the entire IP package. To accomplish this, AH and ESP services can be nested. The transport mode provides primary protection for the higher layers of the protocols by extending protection to the data fields (payload) of an IP package. The SSL mode provides security to the higher communication layers (transport layer). The triple-DES encryption mode is an algorithm that provides confidentiality.