NSE 4 – FortiGate 6.2 — Question 24

Which statement about the IP authentication header (AH) used by IPsec is true?

Answer options

• A. AH does not support perfect forward secrecy.
• B. AH provides strong data integrity but weak encryption.
• C. AH provides data integrity but no encryption.
• D. AH does not provide any data integrity or encryption.

Correct answer: C

Explanation

The correct answer is C because AH ensures data integrity through hashing but does not offer encryption, meaning the data remains visible during transmission. Option A is incorrect since perfect forward secrecy is not applicable to AH. Options B and D are also incorrect as they misrepresent AH's capabilities regarding data integrity and encryption.