Systems Security Certified Practitioner – SSCP – Question0932
Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. Secure HTTP (S-HTTP) B. FTP Secure (FTPS) C. Secure socket layer (SSL) D. Sequenced Packet Exchange (SPX)
Correct Answer: A
Explanation:
All the previous protocols operate at the transport layer except for Secure HTTP (S-HTTP), which operates at the application layer. S-HTTP has been replaced by SSL and TLS.
As it is very well explained in the Shon Harris book:
The transport layer receives data from many different applications and assembles the data into a stream to be properly transmitted over the network. The main protocols that work at this layer are TCP, UDP, Secure Sockets Layer (SSL), and Sequenced Packet Exchange (SPX).
NOTE: Different references can place specific protocols at different layers. For example, many references place the SSL protocol in the session layer, while other references place it in the transport layer. It is not that one is right or wrong. The OSI model tries to draw boxes around reality, but some protocols straddle the different layers. SSL is made up of two protocols— one works in the lower portion of the session layer and the other works in the transport layer. For purposes of the CISSP exam, SSL resides in the transport layer.
Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 526). McGraw-Hill. Kindle Edition.
Please disable your adblocker or whitelist this site!