A company implements an IPsec VPN to secure remote employee communications. After a penetration test, the security team finds that an attacker can still see employees' visited websites and read metadata about the connections. However, the actual payloads remain encrypted. What misconfiguration is most likely causing this issue? a) The company used IPsec in Transport Mode instead of Tunnel Mode. b) The VPN did not authenticate users properly before establishing encryption. c) The attacker exploited an AES timing attack to leak partial key information. d) The company used an outdated hashing algorithm in the IKE phase.

Crowdly

Add to Chrome

✅ The verified answer to this question is available below. Our community-reviewed solutions help you understand the material better.

A company implements an IPsec

VPN to secure remote employee communications. After a penetration test, the

security team finds that an attacker can still see employees' visited websites

and read metadata about the connections. However, the actual payloads remain

encrypted.

What misconfiguration

most likely causing this issue?

a) The company used IPsec in

Transport Mode instead of Tunnel Mode.

b) The VPN did not authenticate users properly before establishing encryption.

c) The attacker exploited an AES timing attack to leak partial key information.

d) The company used an outdated hashing algorithm in the IKE phase.

100%

Get Unlimited Answers To Exam Questions - Install Crowdly Extension Now!

Add to Chrome