PrepAway - Latest Free Exam Questions & Answers

Which description of the Diffie-Hellman protocol is true?

A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.

B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.

C. It is used within the IKE Phase 1 exchange to provide peer authentication.

D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.

E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.

Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/vpipsec.html
Modulus Group
The Diffie-Hellman group to use for deriving a shared secret between the two IPsec peers without
transmitting it to each other. A larger modulus provides higher security but requires more
processing time. The two peers must have a matching modulus group. Options are:
•1—Diffie-Hellman Group 1 (768-bit modulus).
•2—Diffie-Hellman Group 2 (1024-bit modulus).
•5—Diffie-Hellman Group 5 (1536-bit modulus, considered good protection for 128-bit keys, but
group 14 is better). If you are using AES encryption, use this group (or higher). The ASA supports
this group as the highest group.
•7—Diffie-Hellman Group 7 (163-bit elliptical curve field size).
•14—Diffie-Hellman Group 14 (2048-bit modulus, considered good protection for 128-bit keys).
•15—Diffie-Hellman Group 15 (3072-bit modulus, considered good protection for 192-bit keys).
•16—Diffie-Hellman Group 16 (4096-bit modulus, considered good protection for 256-bit keys).
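
The sketch below is an added example, not taken from this page or from the Cisco guide: it shows two peers deriving the same secret while only a group number and a public value cross the channel, and the exchange failing when the modulus groups do not match. The `Peer` class, the `TOY_GROUPS` table (small Mersenne primes standing in for the real moduli), the generator 3 and the public-value range check are all assumptions made for illustration.

```python
import secrets

# Constructed toy groups: small Mersenne primes stand in for the real
# 1024/1536/2048-bit moduli of groups 2, 5 and 14. Generator 3 is an assumption.
TOY_GROUPS = {2: (2**89 - 1, 3), 5: (2**107 - 1, 3), 14: (2**127 - 1, 3)}


class Peer:
    """One IPsec peer configured with a single modulus group (hypothetical class)."""

    def __init__(self, group_id):
        self.group_id = group_id
        self.p, self.g = TOY_GROUPS[group_id]
        while True:
            # The private exponent is generated locally and never transmitted.
            self._x = secrets.randbelow(self.p - 3) + 2  # range 2 .. p-2
            self.public = pow(self.g, self._x, self.p)
            if 1 < self.public < self.p - 1:
                break

    def offer(self):
        """What actually crosses the unsecured channel."""
        return {"group": self.group_id, "public": self.public}

    def derive(self, msg):
        """Compute the shared secret from the other peer's offer."""
        if msg["group"] != self.group_id:
            raise ValueError("modulus group mismatch")
        # Added check: 0, 1 and p-1 would force a predictable secret.
        if not 1 < msg["public"] < self.p - 1:
            raise ValueError("degenerate public value")
        return pow(msg["public"], self._x, self.p)


def exchange(group_a, group_b):
    """Run one exchange; return both secrets and the messages an observer sees."""
    a, b = Peer(group_a), Peer(group_b)
    wire = [a.offer(), b.offer()]
    return a.derive(wire[1]), b.derive(wire[0]), wire


if __name__ == "__main__":
    sa, sb, wire = exchange(14, 14)
    print("secrets match:", sa == sb)
    print("observer saw only:", sorted(wire[0]))
    try:
        exchange(5, 14)
    except ValueError as err:
        print("rejected:", err)
```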

