Cisco Certified Network Associate (CCNA) Practice Exam

What does the Encapsulation Security Payload (ESP) provide in IPsec?

• A. Data encryption only
• B. Confidentiality, integrity, and anti-replay protection
• C. Simple data transmission
• D. Data compression and integrity protection

The correct answer is: Confidentiality, integrity, and anti-replay protection

The Encapsulation Security Payload (ESP) in IPsec is designed to provide a comprehensive set of security services for IP packets. The correct answer highlights that ESP delivers three critical functionalities: confidentiality, integrity, and anti-replay protection. Confidentiality is achieved through the encryption of the payload data, ensuring that even if the data packets are intercepted, the content remains unreadable to unauthorized individuals. Integrity is provided by creating a cryptographic hash of the data, allowing the recipient to verify that the data has not been altered during transmission. This is crucial for maintaining the authenticity of the data being sent. Anti-replay protection prevents malicious actors from capturing packets and re-sending them to deceive recipients. This feature uses sequence numbers and other mechanisms to ensure that each packet is unique, thereby blocking any duplicate packets that could compromise the security and integrity of the communication. In contrast, options suggesting that it provides only data encryption, simple data transmission, or data compression and integrity protection do not accurately reflect the full range of services that ESP offers within the IPsec framework. These functionalities are important for securing communications over an IP network, highlighting why option B is the correct choice.