Exam CISSP topic 1 question 6 discussion

Answer D Security Kernal : In computer and communications security, the central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources. TCB : The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. By contrast, parts of a computer system outside the TCB must not be able to misbehave in a way that would leak any more privileges than are granted to them in accordance to the security policy. Reference Monitor: reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects' (e.g., processes and users) ability to perform operations (e.g., read and write) on objects (e.g., files and sockets) on a system. The properties of a reference monitor are captured by the acronym NEAT https://en.m.wikipedia.org/wiki/Security_kernel

Kernel relates to relationships between objects in the OS, the Refence Monitor refers to access rights subjects have to those objects so I'm going with D

i was actually looking for firmware cos it is part of the security kernel. D

D. Security kernel is the part of an operating system (OS) that is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system. The security kernel is the core component of the Trusted Computing Base (TCB) and it enforces the security policy of the system by mediating all access to system resources. The reference monitor is a concept that describes the idealized functionality of the security kernel. Time separation refers to the practice of running different processes or applications at different times to prevent interference or data leakage.

The security kernel is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system. It is a core component of the operating system that enforces security policies, controls access to system resources, and mediates interactions between different components of the system. The security kernel acts as a trusted boundary, ensuring that only authorized actions are performed and protecting the system from unauthorized access or malicious activities. It is designed to be highly reliable, tamper-proof, and resistant to attacks, making it a critical component for maintaining the security of the overall computing system.

The answer is D because the Security kernel is the part of an operating system responsible for providing security interfaces among the hardware, OS, and other parts of the computing system, not A.

The answer is A. A. The reference monitor validates access to every resource prior to granting the requested access. The other options are incorrect. Option D, the security kernel, is the collection of TCB components work together to implement the reference monitor functions. In other words, the security kernel is the implementation of the reference monitor concept. Option B, a TCB partition, and option C, a trusted library, are not valid TCB concept components.

C. The reference monitor validates access to every resource prior to granting the requested access. The other options are incorrect. Option D, the security kernel, is the collection of TCB components that work together to implement the reference monitor functions. In other words, the security kernel is the implementation of the reference monitor concept. Option A, a TCB partition, and option B, a trusted library, are not valid TCB concept components.

Please read what is refernce monitor properly, its an abstract, an idea, (as per CISSP official textbook) the outcome of that abstract is implemente as the security kernel.

D Security Kernel looks to be correct for reasons already listed. They're asking about a part of an OS.

Security Kernel: The collection of the TCB components that implment the functionality of the reference monitor. The central part of a computer system (hardware, software or firmware) that implements the fundamental security procedures for controlling access to system resources Reference Monitor: Logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access. Mediates all access between Subjects and Objects.

Is the answer a? It is marked as correct.

D - Reference Monitor is conceptual and TCB is an architecture This link does a nice job of explaining it in detail https://www.pearsonitcertification.com/articles/article.aspx?p=1998558&seqNum=3

Answer D) Security Kernel https://www.cse.psu.edu/~trj1/cse443-s12/docs/ch6.pdf

The key to the question is what part of the OS. D) Security Kernel is physically part of the OS and reference monitor is the theory of how it is supposed to do it's job. https://www.cm-alliance.com/cissp/trusted-computing-base/-tcec-itsec-and-common-criteria#:~:text=a%20computing%20device.-,Security%20Kernel,security%20policy%20(Reference%20Monitor).

B. Trusted Computing Base (TCB) The Trusted Computing Base (TCB) in an operating system is responsible for providing security interfaces among the hardware, OS, and other components of the computing system. It represents the set of components and processes that are critical for security and that must be trusted to enforce the system's security policy. The TCB includes the security kernel, which is responsible for enforcing security policies and protecting against unauthorized access and actions.

The reference monitor stands between every subject and object, verifying that a requesting subject's credentials meet the object's access requirements before any requests are allowed to proceed. Effectively, the reference monitor is the access control enforcer for the TCB. ( (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition, chapter 8 - Reference Monitors and Kernels)