It all comes down to what you define as "general knowgledge" for a developer should be and that is highly subjective.
Can I be snarky for a moment and just enjoy the irony of a sentence that wonders what should be considered to be "general knowledge", and it has the word "knowledge" misspelled? :) Continuing with the theme, I'm sure I just made a run-on or something in the midst of my pedantry.
OK, back to business. This is a hard question to answer for a senior developer, what should be considered to be "general knowledge". I think that to be a successful developer at the senior level, you really need to know a little bit about a lot of things, and be able to look up what you don't know.
By way of example, as a developer, if I were to see something like "192.168.0.0/24", I recognize that immediately as an IP address range in CIDR notation. Mind you, I have no earthly clue how to compute that range--I'm not a network guy--but I know what it is in the general sense. Enough to google for "CIDR calculator" in order to compute the range in a format that I understand.
Part of being a developer is having a decent working knowledge of security concepts. Like "Oh, I'm sending a file across the public Internet. Someone could intercept that. I'd better protect it somehow with encryption." Maybe the developer doesn't quite know what type of encryption to use yet. Should the connection be encrypted, or the file? Or both? Is it required to verify the authenticity of the file? Should it be signed? Or is it good enough to verify the remote host? Or some type of login?
Incidentally, I disagree with OP that the answer of "The person started off by asking me if it was an excel file, a PDF, etc." was totally unacceptable. Excel and the PDF standards both have encryption support, so if the "sensitive data" were an Excel file, the path of least resistance would be to pointy-clicky through the menu and click "Encrypt this here spreadsheet" (or whatever the command is). Likewise with the PDF, but with Acrobat instead. Of course this does not solve the general problem of "how do I protect sensitive data?", but maybe he doesn't want to bother looking up and verifying your public key, installing GPG or setting up S/MIME or whatever if a simple solution exists. If I were to send you a spreadsheet of salary data for the company, you can bet I'd just encrypt the fucker within excel and tell you the password via some other channel like the telephone.