NSE 4 – FortiGate 6.0 — Question 61

Which statement about the IP authentication header (AH) used by IPsec is true?

Answer options

• A. AH does not provide any data integrity or encryption.
• B. AH does not support perfect forward secrecy.
• C. AH provides data integrity bur no encryption.
• D. AH provides strong data integrity but weak encryption.

Correct answer: C

Explanation

The correct answer is C because the IPsec AH is designed to provide data integrity for the packets it secures, but it does not offer encryption. Option A is incorrect as AH does ensure data integrity. Option B is also not accurate because while AH does not provide perfect forward secrecy, it does not pertain to its primary function of ensuring integrity. Option D is misleading since AH does not provide encryption at all, thus it cannot be described as having weak encryption.