Which of the following statements are true about point to point security?
A.
It is often implemented using transport security protocols such as SSL/TLS.
B.
It is designed to transport sensitive data over unprotected networks.
C.
After data reaches an endpoint, it offers no further protection.
D.
It can be combined with other forms of security such as perimeter security and defensein depth
E.
SSL/TLS is used sparingly because it is difficult to set up.
Explanation:
A: The downside to TLS is that it only protects data in transit, or “point-to-point”.
Once
data is received, it is no longer protected.
B: Point to point security is often used as a
default or minimal security option in order to protect messages over insecure
networks.
C:A lesser alternative to end to end security is point to point security. This is used to
protect messages in transit. It assumes that other means of security are used to protect
messages during processing and persistence.
Generally, less effort is made to protect data behind the corporate firewall.
This opens up a number of vulnerabilities and risks to an organization.
E: SSL/TLS is not so hard to set up. It is popular.
Reference: Oracle Reference Architecture,Security, Release 3.1