Systems Security Certified Practitioner – SSCP – Question0251

What mechanism does a system use to compare the security labels of a subject and an object?

A.
Validation Module.
B. Reference Monitor.
C. Clearance Check.
D. Security Module.

Correct Answer: B

Explanation:

Because the Reference Monitor is responsible for access control to the objects by the subjects it compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database. The reference monitor must mediate all access, be protected from modification, be verifiable as correct, and must always be invoked. The reference monitor, in accordance with the security policy, controls the checks that are made in the access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is used to validate data being inputted.
Clearance Check. Is a distractor, there is no such thing other than what someone would do when checking if someone is authorized to access a secure facility.
Security Module. Is typically a general purpose module that prerforms a variety of security related functions.
References:
OIG CBK, Security Architecture and Design (page 324) AIO, 4th Edition, Security Architecture and Design, pp 328-328. Wikipedia –http://en.wikipedia.org/wiki/Reference_monitor