



Network Security CISSP-Discussion

[CISSP-D] Re: SSL/TLS - Where in the OSI model?

Subject: [CISSP-D] Re: SSL/TLS - Where in the OSI model?
Date: Wed, 10 Nov 2004 06:43:59 -0000


Joe,

Great question. This question brings up (once again) the point 
that books are fallible. The short answer to your question is that SSL
(versions 1 and 2, and called TLS in version 3) is both layer 4 - 
Transport and layer 5 - Session. 

The longer answer is that it is a bad question and shows a lack of 
knowledge by the author. 
1) The OSI model is a protocol stack model not THE protocol stack 
model. 
2) Many protocols do not map cleanly to the OSI stack. Some 
protocols straddle the OSI boundaries (but would be at a single 
layer in another model) and others include multiple protocols as 
part of the protocol suite (such as SSL) and therefore map to 
multiple OSI layers.
3) SSL is not a single-layer protocol. In fact it comprises two 
protocols: the record protocol that sits on top of TCP (layer 4) and 
encapsulates other protocols; and the handshake protocol that is a 
stateful protocol and sits at the session layer (layer 5).

Advice: If you see a question on this phrased such that the author 
wants you to map SSL or TLS to the OSI stack, narrow the answers down 
to layer 4 or 5. If this leaves you with a single answer - go for 
it. If it leaves two answers - take a guess. For your own knowledge, 
know that it is at those two layers.

BTW: I highly doubt the CISSP exam would include such a confused 
question.

Good luck.

Doug Landoll, CISSP, CISA
President, Veridyn
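
The layering described in the message above (a record protocol that sits on top of TCP and encapsulates a stateful handshake protocol), shown as an added example that is not part of the original post. The byte stream, the `record` and `handshake` builder helpers and the dummy message bodies are constructed for illustration; the parser assumes plaintext handshake records that are not fragmented across records.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}

def parse_records(stream: bytes):
    """Record protocol: split the TCP byte stream into (type, version, payload) records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append((CONTENT_TYPES.get(ctype, f"unknown({ctype})"), (major, minor), payload))
        pos += 5 + length
    return records

def parse_handshake(payload: bytes):
    """Handshake protocol: list (message type, body length) carried inside one record."""
    msgs, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 4:
            raise ValueError("truncated handshake header")
        mtype = payload[pos]
        length = int.from_bytes(payload[pos + 1 : pos + 4], "big")
        if pos + 4 + length > len(payload):
            raise ValueError("truncated handshake body")
        msgs.append((HANDSHAKE_TYPES.get(mtype, f"unknown({mtype})"), length))
        pos += 4 + length
    return msgs

def record(ctype, payload, version=(3, 1)):
    # Hypothetical builder: 1-byte type, 2-byte version, 2-byte length, then payload.
    return struct.pack("!BBBH", ctype, *version, len(payload)) + payload

def handshake(mtype, body):
    # Hypothetical builder: 1-byte message type, 3-byte length, then body.
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample stream; the zero-filled bodies are placeholders, not valid hellos.
SAMPLE = (record(22, handshake(1, b"\x00" * 8))
          + record(22, handshake(2, b"\x00" * 6) + handshake(14, b""))
          + record(23, b"opaque-ciphertext"))

def summarize(stream: bytes):
    """Per record: handshake records list their inner messages, others their payload size."""
    return [(name, parse_handshake(payload) if name == "handshake" else len(payload))
            for name, _version, payload in parse_records(stream)]
```

The second record in the sample carries two handshake messages, which shows that record boundaries and handshake message boundaries are independent of each other.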




