nerdexam
(ISC)2

CISSP-ISSAP · Question #132

Which of the following layers of the OSI model provides non-repudiation services?

The correct answer is A. The application layer. Application layer (A) provides non-repudiation services because it operates at the level where end-user protocols like email (S/MIME), digital signatures, and authentication mechanisms actually function - these are the tools that create auditable proof of who sent or received dat

Security Architecture Modeling

Question

Which of the following layers of the OSI model provides non-repudiation services?

Options

  • AThe application layer
  • BThe data-link layer
  • CThe presentation layer
  • DThe physical layer

How the community answered

(43 responses)
  • A
    86% (37)
  • B
    7% (3)
  • C
    5% (2)
  • D
    2% (1)

Explanation

Application layer (A) provides non-repudiation services because it operates at the level where end-user protocols like email (S/MIME), digital signatures, and authentication mechanisms actually function - these are the tools that create auditable proof of who sent or received data.

B (Data-link) is wrong - it handles node-to-node delivery and MAC addressing, with no concept of user identity or accountability. C (Presentation) is wrong - it deals with data formatting, encryption/decryption syntax, and compression, not identity verification or audit trails. D (Physical) is wrong - it's purely about bits and signals over wire/radio, with no awareness of users or transactions.

Memory tip: Non-repudiation requires identity - you can only prove someone "can't deny" an action if the layer knows who they are. Only the Application layer talks to actual users and applications, so it's the only one that can bind an action to a specific identity.

Topics

#Non-repudiation#OSI Model#Application Layer#Digital signatures

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice