Cisco Certified Network Associate (CCNA) Practice Exam




Which IPsec mode encompasses the entire packet and appends its own header?

  1. Transport mode

  2. Tunnel mode

  3. Secure mode

  4. Data mode

The correct answer is: Tunnel mode

Tunnel mode in IPsec protects entire IP packets by encapsulating them within a new IP packet. When tunnel mode is used, the original payload and header are encrypted and then wrapped inside a new IP header. This new header addresses the encapsulated packet to its final destination, while the original header remains hidden from potential attacks or eavesdropping. This mode is particularly useful for site-to-site VPNs, where the entire communication between two sites must be secured.

In contrast, transport mode only encrypts the payload of the IP packet, leaving the original IP header intact. This means that the sender's and receiver's IP addresses remain exposed, which could be a concern for applications that need full packet privacy.

The other options, "Secure mode" and "Data mode," are not modes defined within IPsec, so they do not apply here. Therefore, tunnel mode is the correct choice because it describes the process of encapsulating and securing the entire original packet.