F5

101 · Question #583

101 Question #583: Real Exam Question with Answer & Explanation

The correct answer is A: Source IP Address. TLS encrypts the HTTP application layer payload, but the IP and TCP headers remain in plaintext and are visible in a packet capture without decryption.

Section 4: Security Basics

Question

Without decrypting, what portion of an HTTPS session is visible with a packet capture?

Options

  • A. Source IP Address
  • B. HTTP Request Headers
  • C. Cookies
  • D. HTTP Response Headers

Explanation

TLS encrypts the HTTP application layer payload, but the IP and TCP headers remain in plaintext and are visible in a packet capture without decryption.

Common mistakes.

  • B. HTTP request headers are part of the application-layer payload and are fully encrypted inside the TLS record, making them unreadable without the session keys.
  • C. Cookies are transmitted within HTTP headers or the request body, both of which are encrypted by TLS and not visible in a packet capture without decryption.
  • D. HTTP response headers are part of the TLS-encrypted payload and cannot be read from a packet capture without decrypting the TLS session.

Concept tested. TLS encryption scope and visible packet fields

Reference. https://www.rfc-editor.org/rfc/rfc8446

Topics

#HTTPS #SSL/TLS encryption #packet capture #visible traffic
