New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 SSCP Exam - Topic 9 Question 27 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 27
Topic #: 9
[All SSCP Questions]

Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except:

Show Suggested Answer Hide Answer
Suggested Answer: D

AH provides integrity, authentication, and non-repudiation. AH does not provide encryption which means that NO confidentiality is in place if only AH is being used. You must make use of the Encasulating Security Payload if you wish to get confidentiality.

IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulation Security Payload.

AH is the authenticating protocol and the ESP is the authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality and message integrity.

The modes of IPSEC, the protocols that have to be used are all negotiated using Security Association. Security Associations (SAs) can be combined into bundles to provide authentication, confidentialility and layered communication.

Source:

TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 164.

also see:

Shon Harris, CISSP All In One Exam Guide, 5th Edition, Page 758


by Rima at May 09, 2022, 05:51 AM

Limited Time Offer

25%

Off

Get Premium SSCP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Sina
4 months ago
Replay resistance is definitely part of AH, but not confidentiality.
upvoted 0 times
...
Jesusita
4 months ago
Yup, D is the right choice!
upvoted 0 times
...
Corrinne
4 months ago
Wait, are we sure about that? I thought AH had more capabilities.
upvoted 0 times
...
Laurel
4 months ago
Totally agree, it's all about integrity and authentication.
upvoted 0 times
...
Chauncey
5 months ago
AH doesn't provide confidentiality.
upvoted 0 times
...
Louis
5 months ago
I’m a bit confused about replay resistance and non-repudiation; I feel like those might be more related to ESP.
upvoted 0 times
...
Lashaunda
5 months ago
I practiced a similar question where we had to identify what AH does not provide, and I think it was about confidentiality too.
upvoted 0 times
...
Deeanna
5 months ago
I think AH doesn’t provide confidentiality, but I might be mixing it up with ESP.
upvoted 0 times
...
Wendell
5 months ago
I remember AH is mainly about authentication and integrity, but I’m not sure if it covers non-repudiation.
upvoted 0 times
...
Kenneth
5 months ago
This MPLS label mode question looks tricky, but I think I can figure it out. I'll need to review my notes on the different MPLS label distribution modes.
upvoted 0 times
...
Trinidad
5 months ago
I'm a bit stuck on this one. I know it has to do with compound interest, but I'm not sure how to set up the equation correctly.
upvoted 0 times
...
Carisa
5 months ago
Okay, let me think this through step-by-step. The key is to identify the common elements that can be combined to simplify the configuration.
upvoted 0 times
...

Save Cancel