Which of the following protocols provides connectionless integrity and data origin authentication of
IP packets?

A.
ESP

B.
AH

C.
IKE

D.
ISAKMP

Explanation:
Authentication Header (AH) is an IPsec protocol. AH provides connectionless integrity
and data origin authentication of IP packets. It protects
the IP packets against replay attacks by using the sliding window technique and discarding old
packets. AH can also protect the IP payload
and all header fields of an IP datagram except for mutable fields.
Answer option A is incorrect. Encapsulating Security Payload (ESP) is an IPSec protocol that provides
confidentiality with authentication,
integrity, and anti-replay. ESP can be used alone in combination with Authentication Header (AH).
ESP can also be used nested with the Layer
Two Tunneling Protocol (L2TP). Normally, ESP does not sign the entire packet unless it is being
tunneled. Typically, only the data payload is
protected, not the IP header.
Answer option C is incorrect. IKE (Internet Key Exchange) is the protocol used to set up a security
association (SA) in the IPsec protocol suite.
IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic
keys are derived. Public key techniques or
alternatively pre-shared keys are used to mutually authenticate the communicating parties.
Answer option D is incorrect. ISAKMP (Internet Security Association and Key Management Protocol)
is a protocol for establishing Security
Associations (SA) and cryptographic keys in an Internet environment. It provides a framework for the
negotiation and management of security
associations between peers and traverses on UDP/500 port. ISAKMP defines the procedures for
authenticating a communicating peer,
creation and management of Security Associations, key generation techniques, and threat
mitigation.