All Kindsa Wrong

This is an actual question on the official study guide of a cert (CISM) I am studying for. And it is egregiously, laughably wrong in every aspect. (The bolded answer is what it thinks is correct.)

1) โ€œIP Security v6โ€ is not a real protocol name. There is nothing called that anywhere in my field. There is IPSec, which applies to both IPv4 and IPv6.

2) The explanation about source and destination IPs being inside the encrypted portion is false in general. Too detailed to go into here, but it just does not work like that at all.

3) MITM resistance in IPsec comes from authenticated key exchange and integrity, not from hiding IP addresses.

4) Even good ol’ IPsec does not prevent MITM in all deployment types. Pre-shared keys, for example, are vulnerable such that an MITM attacker can obtain an OTP and log in as the remote user. Also, pretty-common NULL-authenticated IPsec completely does not protect against MITM and should be treated like plaintext traffic in almost all cases.
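Point 2 can be checked against the wire format: with ESP (RFC 4303) the outer IP header that routers forward on stays in cleartext, for IPv4 and IPv6 alike. The sketch below is an added example, not part of the study guide or the original post; the packets, addresses, SPI and helper names are constructed for illustration.

```python
import ipaddress
import struct

ESP = 50  # IP protocol / IPv6 next-header number for ESP (RFC 4303)

def observer_view(packet: bytes) -> dict:
    """Return what an on-path observer holding no keys can read."""
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4           # header length, options included
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("truncated IPv4 header")
        proto, src, dst = packet[9], packet[12:16], packet[16:20]
        payload = packet[ihl:]
    elif version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        # Next-header field; extension headers are not walked in this sketch.
        proto, src, dst = packet[6], packet[8:24], packet[24:40]
        payload = packet[40:]
    else:
        raise ValueError("not an IP packet")
    view = {"version": version,
            "src": str(ipaddress.ip_address(src)),
            "dst": str(ipaddress.ip_address(dst)),
            "esp": proto == ESP}
    if view["esp"]:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        # SPI and sequence number are also sent in the clear.
        view["spi"], view["seq"] = struct.unpack("!II", payload[:8])
        view["opaque_bytes"] = len(payload) - 8  # ciphertext + ICV
    return view

def build_v4(src: str, dst: str, body: bytes) -> bytes:
    """Constructed IPv4 packet carrying ESP (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, ESP, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + body

def build_v6(src: str, dst: str, body: bytes) -> bytes:
    """Constructed IPv6 packet whose next header is ESP."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(body), ESP, 64,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + body

# Constructed ESP payload: SPI, sequence number, then stand-in "ciphertext".
ESP_BODY = struct.pack("!II", 0x1000, 7) + bytes(range(32))
V4 = build_v4("192.0.2.10", "198.51.100.20", ESP_BODY)
V6 = build_v6("2001:db8::10", "2001:db8::20", ESP_BODY)

if __name__ == "__main__":
    for pkt in (V4, V6):
        print(observer_view(pkt))
```

In tunnel mode these visible addresses are the gateways' and the inner header travels inside the ciphertext; in transport mode they are the real endpoints.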

That question is just wrong in fifty-eleven different ways. Amazing that is on a study guide. But networking is usually the worst area on anything like this as no one knows what the hell they are talking about ever in that field (see the clownishly asinine NAT ISN’T A FIREWALL AND OFFERS NO SECURITY bullshit the Hacker News-type doofs always spout).