CompTIA Network+ N10-006 Q150

Which of the following is true about the main difference between a web session that uses port 80 and one that uses port 443?

A. Port 80 web sessions often use application-level encryption, while port 443 sessions often use transport-level encryption.
B. Port 80 web session cannot use encryption, while port 443 sessions are encrypted using web certificates.
C. Port 80 web sessions can use web application proxies, while port 443 sessions cannot traverse web application proxies.
D. Port 80 web sessions are prone to man-in-the-middle attacks, while port 443 sessions are immune from man-in-the-middle attacks.

Correct Answer: D
Section: Industry standards, practices, and network theory

Explanation:
HTTPS stands for HTTP over SSL or HTTP Secure. It is used for secure access to websites. Port 80 web sessions are HTTP (HyperText Transfer Protocol) sessions which offers no security. Port 443 web sessions use HTTPS. HTTPS uses SSL or TLS to encrypt the HTTP traffic.
HTTPS provides authentication of the website and associated web server that you are communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.