{"id":342,"date":"2021-01-17T05:31:47","date_gmt":"2021-01-16T17:58:10","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0334\/"},"modified":"2021-01-17T05:44:08","modified_gmt":"2021-01-17T05:44:08","slug":"systems-security-certified-practitioner-sscp-question0334","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0334\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0334"},"content":{"rendered":"<div class=\"question\">What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? <br \/><strong><br \/>A.<\/strong> The Reference Monitor <br \/><strong>B.<\/strong> The Security Kernel <br \/><strong>C.<\/strong> The Trusted Computing Base <br \/><strong>D.<\/strong> The Security Domain<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>A<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nThe reference monitor refers to abstract machine that mediates all access to objects by subjects.<br \/>\nThis question is asking for the concept that governs access by subjects to objects, thus the reference monitor is the best answer. While the security kernel is similar in nature, it is what actually enforces the concepts outlined in the reference monitor.<br \/>\nIn operating systems architecture a reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects&#8217; (e.g., processes and users) ability to perform operations (e.g., read and write) on objects (e.g., files and sockets) on a system. The properties of a reference monitor are:<br \/>\nThe reference validation mechanism must always be invoked (complete mediation). Without this property, it is possible for an attacker to bypass the mechanism and violate the security policy.<br \/>\nThe reference validation mechanism must be tamperproof (tamperproof). Without this property, an attacker can undermine the mechanism itself so that the security policy is not correctly enforced.<br \/>\nThe reference validation mechanism must be small enough to be subject to analysis and tests, the completeness of which can be assured (verifiable). Without this property, the mechanism might be flawed in such a way that the policy is not enforced.<br \/>\nFor example, Windows 3.x and 9x operating systems were not built with a reference monitor, whereas the Windows NT line, which also includes Windows 2000 and Windows XP, was designed to contain a reference monitor, although it is not clear that its properties (tamperproof, etc.) have ever been independently verified, or what level of computer security it was intended to provide.<br \/>\nThe claim is that a reference validation mechanism that satisfies the reference monitor concept will correctly enforce a system&#8217;s access control policy, as it must be invoked to mediate all security-sensitive operations, must not be tampered, and has undergone complete analysis and testing to verify correctness. The abstract model of a reference monitor has been widely applied to any type of system that needs to enforce access control, and is considered to express the necessary and sufficient properties for any system making this security claim.<br \/>\nAccording to Ross Anderson, the reference monitor concept was introduced by James Anderson in an influential 1972 paper.<br \/>\nSystems evaluated at B3 and above by the Trusted Computer System Evaluation Criteria (TCSEC) must enforce the reference monitor concept.<br \/>\nThe reference monitor, as defined in AIO V5 (Harris) is: &#8220;an access control concept that refers to an abstract machine that mediates all access to objects by subjects.&#8221;<br \/>\nThe security kernel, as defined in AIO V5 (Harris) is: &#8220;the hardware, firmware, and software elements of a trusted computing based (TCB) that implement the reference monitor concept. The kernel must mediate all access between subjects and objects, be protected from modification, and be verifiable as correct.&#8221;<br \/>\nThe trusted computing based (TCB), as defined in AIO V5 (Harris) is: &#8220;all of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.&#8221;<br \/>\nThe security domain, &#8220;builds upon the definition of domain (a set of resources available to a subject) by adding the fact that resources withing this logical structure (domain) are working under the same security policy and managed by the same group.&#8221;<br \/>\nThe following answers are incorrect:<br \/>\n&#8220;The security kernel&#8221; is incorrect. One of the places a reference monitor could be implemented is in the security kernel but this is not the best answer.<br \/>\n&#8220;The trusted computing base&#8221; is incorrect. The reference monitor is an important concept in the TCB but this is not the best answer.<br \/>\n&#8220;The security domain is incorrect.&#8221; The reference monitor is an important concept in the security domain but this is not the best answer.<br \/>\nReference(s) used for this question: Official ISC2 Guide to the CBK, page 324<br \/>\nAIO Version 3, pp. 272 -274 AIOv4 Security Architecture and Design (pages 327 -328) AIOv5 Security Architecture and Design (pages 330 -331)<br \/>\nWikipedia article at <a href=\"https:\/\/en.wikipedia.org\/wiki\/Reference_monitor\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/en.wikipedia.org\/wiki\/Reference_monitor<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? A. The Reference Monitor B. The Security Kernel C. The Trusted Computing Base D. The Security Domain Show Answer Hide Answer Correct Answer: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,337,3],"class_list":["post-342","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0334","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=342"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/342\/revisions"}],"predecessor-version":[{"id":1418,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/342\/revisions\/1418"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}