IPsec security associations are unidirectional by design; to protect traffic in both directions you need multiple SAs.

Prepare for the Network Security (NETSEC) 3 Test with flashcards and multiple choice questions. Each question offers hints and explanations. Get exam-ready efficiently!

Multiple Choice

IPsec security associations are unidirectional by design; to protect traffic in both directions you need multiple SAs.

Explanation:
IPsec security associations are unidirectional, meaning each SA protects traffic in a single direction—from one endpoint to the other—using a specific set of parameters (SPI, encryption, integrity, mode, keys). To have protection for traffic traveling in the opposite direction, a separate SA is required with its own SPI and keys. In practice, a pair of SAs is used for a bidirectional tunnel: one SA handles traffic from A to B, and another handles traffic from B to A. If there are multiple tunnels or peers, you’ll have additional SAs, but the core idea is that each SA covers only one direction, so bidirectional protection needs SAs for both directions.
