Studying for 501 and this question has got me stumped - tunnelling with MAC visible over the net

eurotechie Member Posts: 2
I can't figure out the answer to the question below. Could someone please advise:

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel?

A. Tunnel mode IPSec
B. Transport mode VPN IPSec
Answer: D

I'm thinking the answer should be B, but I'm not sure. SSL VPN just sounds too vague. Some advice would be appreciated...


  • yoba222 Member Posts: 1,237
    I didn't even know you could do that. All my MAC address scanning tools seem useless whenever I'm VPNed into a network and I just assumed it was not possible. Curious to know the answer.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • deadjoe Member Posts: 24
    edited October 2019
    All four can use certs for auth. A and C use Layer 3 routing. B is host-to-host not site-to-site.

    OpenVPN is an example of an SSL VPN that can do Layer 2 bridging site-to-site.

    I don't like this question though. It's too difficult for Security+.
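
The Layer 3 routing versus Layer 2 bridging distinction from the reply above, as an added example that is not part of the original thread: a constructed Ethernet frame crosses a simulated routed tunnel and a simulated bridged tunnel, and the source MAC seen by the far-side host is compared. All MAC and IP addresses and all function names are constructed for illustration; no real VPN software or encryption is modelled.

```python
import struct

# Constructed sample addresses (locally administered MACs, private IPs).
CLIENT_MAC = "02:00:00:aa:bb:01"
LOCAL_GW_MAC = "02:00:00:11:22:02"
REMOTE_GW_MAC = "02:00:00:ee:ff:03"
SERVER_MAC = "02:00:00:cc:dd:04"
ETH_IPV4 = 0x0800

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def ethernet_frame(dst, src, ethertype, payload):
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def source_mac(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return ":".join(f"{b:02x}" for b in frame[6:12])

def ipv4_packet(src_ip, dst_ip):
    # Minimal 20-byte IPv4 header, checksum left at 0 (constructed, never sent).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       bytes(src_ip), bytes(dst_ip))

def bridged_tunnel(frame):
    # Layer 2 (bridging): the whole Ethernet frame is the tunnel payload,
    # so the far side re-emits it with the client's header intact.
    return frame

def routed_tunnel(frame, far_gw_mac, next_hop_mac):
    # Layer 3 (routing): the near gateway strips the Ethernet header and only
    # the IP packet crosses; the far gateway builds a fresh header of its own.
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_IPV4:
        raise ValueError("routed tunnel forwards IP only")
    return ethernet_frame(next_hop_mac, far_gw_mac, ETH_IPV4, frame[14:])

def macs_seen_by_server():
    pkt = ipv4_packet((10, 0, 1, 10), (10, 0, 2, 20))
    l2 = bridged_tunnel(ethernet_frame(SERVER_MAC, CLIENT_MAC, ETH_IPV4, pkt))
    l3 = routed_tunnel(ethernet_frame(LOCAL_GW_MAC, CLIENT_MAC, ETH_IPV4, pkt),
                       REMOTE_GW_MAC, SERVER_MAC)
    return {"bridged": source_mac(l2), "routed": source_mac(l3)}

if __name__ == "__main__":
    print(macs_seen_by_server())
```

In the routed case the server sees the remote gateway's MAC as the source, while the IP packet itself arrives unchanged.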