CompTIA Security+ (SY0-501) — Question 525

While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?

Answer options

• A. HTTP
• B. SSH
• C. SSL
• D. DNS

Correct answer: C

Explanation

Port 443 is primarily used for secure communications, which is facilitated by SSL (Secure Sockets Layer) or its successor, TLS (Transport Layer Security). HTTP operates over port 80, SSH typically uses port 22, and DNS operates on port 53, making them unlikely candidates for traffic on port 443.