🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 11.2 - TCP-IP Model

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series looks at the model that actually runs the internet, continuing Domain 4. It is the stack your traffic really travels on — the one whose layer names fill firewall designs and incident reports — and knowing its structure and weak points lets you read those documents fluently and anticipate where trouble comes from.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is the four-layer TCP-IP model?

It is the practical stack that grew out of the internet protocol suite itself. Instead of seven layers, it uses four — from top to bottom they are application, transport, internet, and link, though each carries a few alternate names. It was actually built before the seven-layer reference model existed, like a car that was already on the road before anyone drew the official engineering diagram.

How does the TCP-IP model map to the seven-layer OSI model?

Its four layers absorb the same work the reference model spreads across seven. The application layer covers the top three reference layers at once, folding in presentation and session duties; transport lines up with transport; the internet layer matches the network layer; and the link layer covers both data link and physical. Think of two maps of the same city — same streets, different groupings.

Why does the naming overlap between the two models cause confusion?

The two models share several layer names, and people swap them freely — when someone says transport layer, which model do they mean? The safe habit is a default: unless you are told otherwise, assume the seven-layer reference model, since it is the more widely cited teaching standard. On the exam, read the context first, then decide which map the question is using before you answer.

It was designed for ease of use and interoperability, not for security. The suite is platform-independent and built on open standards, so it runs on nearly every operating system, but it is heavy on resources and relatively easy to attack. Poorly built implementations open the door to buffer overflows, connection-flood attacks, denial of service attacks, fragment and oversized-packet tricks, spoofing, adversary-in-the-middle interception, and session hijacking.

Are there quieter, passive attacks too?

Yes, and they leave no footprint. The suite, like most protocols, is open to passive attacks through simple monitoring or sniffing — an eavesdropper does not break anything or trigger an alarm, they just capture traffic as it flows past and read whatever was not encrypted. That is why encryption matters at every layer: if the data is readable on the wire, a silent observer already has it.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 11.2 - TCP-IP Model.