IPsec Protocol for Data Integrity | CCIE Security Exam Question | Cisco

IPsec Protocol for Data Integrity


Question

Which IPsec protocol provides data integrity but no data encryption?

Answers

Explanations


A. B. C. D.

A.

The correct answer to the question is A. AH (Authentication Header). AH provides data integrity, which ensures that the data has not been tampered with during transmission. However, it does not provide data encryption, which means that the data is still visible in plain text.

AH is an IPsec protocol that is used to provide authentication and integrity for IP packets. It adds a header to the packet, which includes a cryptographic hash of the packet contents. This hash is used to verify that the packet has not been modified during transmission. AH does not provide encryption, so the original packet is still visible in plain text.

In contrast, ESP (Encapsulating Security Payload) provides both data integrity and encryption. It adds a header and trailer to the packet, encrypts the packet contents, and includes a cryptographic hash of them. This ensures that the data is both protected from tampering and hidden from prying eyes.

SPI (Security Parameter Index) is a component of both AH and ESP. It is used to identify the security association that is being used to protect the packet. DH (Diffie-Hellman) is a key exchange protocol that is used to establish shared secret keys between two parties. It is not directly related to IPsec, but it is often used in conjunction with it to establish the keys that are used for encryption and authentication.

In summary, the correct answer to the question is A. AH. AH provides data integrity but no data encryption, while ESP provides both data integrity and encryption.
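The AH behaviour described above, as an added example that is not part of the original page: a simplified AH-style header (fixed fields laid out as in RFC 4302, with the integrity value taken from HMAC-SHA-256 truncated to 128 bits) showing that the payload stays readable while any modification is detected. The key, SPI and payload are constructed sample values, and as a simplification the integrity value here does not cover the immutable IP header fields that real AH also protects.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits
AH_FIXED = struct.Struct("!BBHII")  # next header, payload len, reserved, SPI, sequence


def _icv(key: bytes, fixed: bytes, payload: bytes) -> bytes:
    # The integrity check value (ICV) is computed with the ICV field zeroed.
    # Simplification: real AH also covers the immutable IP header fields.
    data = fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """Return AH header + payload. The payload is copied through unencrypted."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload


def ah_verify(key: bytes, packet: bytes) -> bytes:
    """Check the ICV and return the payload; raise ValueError on any modification."""
    if len(packet) < AH_FIXED.size + ICV_LEN:
        raise ValueError("packet too short for AH")
    payload_len = AH_FIXED.unpack_from(packet)[1]
    ah_len = (payload_len + 2) * 4
    if ah_len != AH_FIXED.size + ICV_LEN:
        raise ValueError("unexpected AH length")
    fixed, icv, payload = packet[:AH_FIXED.size], packet[AH_FIXED.size:ah_len], packet[ah_len:]
    # Constant-time comparison of the received and recomputed ICV.
    if not hmac.compare_digest(icv, _icv(key, fixed, payload)):
        raise ValueError("ICV mismatch: packet was modified")
    return payload


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    pkt = ah_protect(key, spi=0x1000, seq=1, next_header=6, payload=b"GET /balance HTTP/1.1")
    print(b"GET /balance" in pkt)   # payload is readable on the wire: no encryption
    print(ah_verify(key, pkt))      # unmodified packet verifies
    try:
        ah_verify(key, pkt.replace(b"balance", b"payroll"))
    except ValueError as exc:
        print(exc)                  # tampering is detected
```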