312-50V11 · Question #792
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
The correct answer is A. IPsec. IPsec is the only Layer 3 protocol listed, providing end-to-end encryption at the IP layer independently of the application protocol being used.
Question
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
Options
- AIPsec
- BSFTP
- CFTPS
- DSSL
How the community answered
(37 responses)- A73% (27)
- B8% (3)
- C3% (1)
- D16% (6)
Why each option
IPsec is the only Layer 3 protocol listed, providing end-to-end encryption at the IP layer independently of the application protocol being used.
IPsec (Internet Protocol Security) operates at OSI Layer 3 and encrypts and authenticates all IP packets, making it transparent to higher-layer protocols such as FTP without requiring any modification to the FTP application. Because encryption is applied at the network layer, it provides end-to-end protection across any underlying network path. IPsec can be deployed in transport mode for host-to-host encryption or tunnel mode for gateway-to-gateway encryption, both of which fully encapsulate and protect the FTP data stream.
SFTP is an application-layer file transfer protocol built over SSH that replaces FTP entirely rather than encrypting a Layer 3 connection.
FTPS secures FTP using TLS, which operates at the Transport/Session layer (Layers 4-5), not at Layer 3.
SSL operates at the Transport/Session layer (Layers 4-5) and is not a Layer 3 protocol, so it cannot provide network-layer encryption for arbitrary IP traffic.
Concept tested: IPsec as Layer 3 end-to-end encryption protocol
Source: https://www.rfc-editor.org/rfc/rfc4301
Topics
Community Discussion
No community discussion yet for this question.