Q:204 which OSI layer does not provide security


CISSP_Candidate
08-29-2006, 04:56 PM
Here's Q204 from cccure's quizzer:

Question 204 | Difficulty level: 5/5 | Relevancy: 3/3

Which of the following OSI layers does not provide confidentiality?
A Presentation
B Network
C Data Link
D Transport

The answer is: C - Data Link

I don't understand why. The way I see it, all of the answers are wrong since I can find at least one confidentiality service offered at all layers.

Presentation layer is responsible for data encryption and decryption, so it clearly provides confidentiality.

IPSec works at Network level

PPTP works at Data link

SSL/TLS work at Transport.

Here's the explanation from the quizzer:

The transport layer provides end-to-end data transport services and establishes the logical connection between two communicating computers, but it also includes protocols such as SSH which provide confidentiality for information in transit. The presentation layer provides authentication and authorization services. The network layer provides confidentiality, authentication, data integrity, and access control services.
Source: HARRIS, Shon, Partially from the All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 351).

Jescoi
08-29-2006, 04:57 PM
Man that is a tough one and a long answer.

Here is my answer before I did any research.

The only thing I can really think of without a lot of research is that the question maker uses a reference that may be out of context with what the question is trying to ask. Everything in the reference is true. So maybe they were thinking... If these things are true, then this other thing ('c' in this case) which is not referenced specifically in this paragraph must be false.

By the way, PPTP did/does such a terrible job securing data in any manner that it could be said that it does NOT, in reality, provide confidentiality.

Here is my answer after I did only a small amount of research:

Read this link: http://csrc.nist.gov/publications/nistbul/itl-bulletin-April2006.txt

Here is an excerpt: The data link layer handles communications on the physical network components. Controls at this level protect a specific physical link. Since each physical link must be secured separately, controls at this level are not feasible for protecting connections that involve several links, including most connections across the Internet.

Interestingly enough the question reference is four years older than the web link, so maybe our question maker was all over this stuff.

And...maybe 'c' isn't such a bad answer after all. There is a lot to look at on the web in regards to this subject. Just google "data link layer confidentiality."


NOTE: Some of the questions on this site do not have straightforward answers and a few may even be wrong. Personally, I like that. It provides excellent opportunities to do your own research. I guarantee that anyone who researches this question will come away from that research with more knowledge, and a better understanding, of data security in the OSI layers. [I know I did]

It has been said time and time again, do NOT use the quizzes to memorize the answers. Use them to measure yourselves and to identify your weak areas for further study.