shieldCISSP Practice Domain 4 — Communication and Network Security Q73 of 120

Which IPsec mode encrypts the entire original IP packet and adds a new IP header?

A CISSP practice question covering Domain 4: Communication and Network Security. Try answering before reading the explanation below.

▶ Show options & answer

Transport mode

Tunnel mode

✓ Correct answer

Aggressive mode

Quick mode

Why "Tunnel mode" is the right answer

Tunnel mode encapsulates the whole packet inside a new outer IP header — used for site-to-site VPNs. Transport mode encrypts only the payload. Aggressive/Quick mode are IKE phases, not IPsec encapsulation modes.

Study videos for this topic

Want to go deeper on Domain 4? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 4: OSI, IPsec, TLS & VoIP Security

Domain 4 — Communication and Network Security

CISSP Domain 4: Segmentation & Zero Trust Explained

Domain 4 — Communication and Network Security

CISSP Domain 4: Wi-Fi, WPA3, 5G & Cloud Security

Domain 4 — Communication and Network Security

CISSP Domain 4: NAC, Fiber, Firewalls & Endpoint Security

Domain 4 — Communication and Network Security

Take the full CISSP practice test

120 questions, instant explanations, study-video links on every miss. No account.

Start full test →

Which IPsec mode encrypts the entire original IP packet and adds a new IP header?

Study videos for this topic

Other practice tests