Exam SY0-601 topic 1 question 662 discussion

A. AH (Authentication Header) provides authentication and data integrity but does not offer encryption or anti-replay protection. It does not encrypt the payload. B. EDR (Endpoint Detection and Response) is a security technology used for detecting and responding to advanced threats and breaches on endpoints (computers and servers). It's not related to configuring VPNs. C. ESP (Encapsulating Security Payload) is the correct choice for a site-to-site VPN when you need encryption, authentication, data integrity, and anti-replay protection. D. DNSSEC (Domain Name System Security Extensions) is used to add security to the DNS by providing authentication and data integrity for DNS data. It's not directly related to configuring VPNs with the specified requirements.

Here are my Two Cents: VPN works on Layer 3. The only choice that runs on Layer 3 is Option C. ESP.

I too picked ESP but im conflicted about the ani-replay requirement. I know AH provides ani-replay not ESP. right?

for sure C

ESP is the Encapsulating Security Payload protocol in IPSec. It provides data confidentiality, connectionless data integrity, data origin authentication, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.

IPsec includes Encapsulating Security Payload (ESP) to encrypt the data and provide confidentiality. ESP includes AH so it provides confidentiality, authentication, and integrity. -Security+ SY0-601 Get Certified Get Ahead by Darril Gibson

C is correct: Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of data between computers using a Virtual Private Network (VPN). The focus and layer on which ESP operates makes it possible for VPNs to function securely.