Which statement correctly contrasts IPsec and SSL/TLS in terms of the layer they secure?

The main idea here is where each security protocol fits in the protocol stack and what it protects. IPsec operates at the network layer, securing IP packets as they travel across networks. It handles encapsulation and protection of entire IP datagrams, so it can secure communications between hosts or between gateways, independent of the application being used. SSL/TLS, on the other hand, lives with the application stack and protects the data produced by a specific application over a connection (typically over TCP). It provides end-to-end security for that application’s traffic between client and server, rather than protecting the raw IP datagrams themselves. So saying that IPsec is a network-layer security mechanism and SSL/TLS is an application-layer security mechanism best captures their distinct scopes. The other statements misplace either IPsec or TLS in the protocol stack.