You must configure a site-to-site VPN connection between your company and a business partner. The security policy of your organization states that the source of incoming traffic must be authenticated by a neutral party to prevent spoofing of an unauthorized source gateway.

What accomplishes this goal?

A.
Use a manual key exchange to encrypt/decrypt traffic.

B.
Generate internal Diffie-Hellman public/private key pairs on each VPN device and exchange public keys with the business partner.

C.
Use a third-party certificate authority and exchange public keys with the business partner.

D.
Use a private X.509 PKI certificate and verify it against a third-party certificate revocation list (CRL).