Answer A,C is correct: A. AH; C. ESP. AH and ESP are the two protocol headers that belong directly to the IPsec suite. Authentication Header provides integrity and authentication for IP packets, while Encapsulating Security Payload provides confidentiality and can also provide integrity and authentication depending on configuration. AES and 3DES are encryption algorithms used by security protocols, not IPsec protocols themselves. TLS is a separate transport/application security protocol used for services such as HTTPS, not an IPsec suite protocol. Cisco CCNA 200-301 v1.1 Security Fundamentals expects candidates to separate security protocols from cryptographic algorithms. The original AES/TLS answer was wrong because it selected one cipher and one non-IPsec protocol. The corrected answer is AH and ESP because those are the IPsec protocol components used to protect traffic at the IP layer.