So the conundrum here as to do with syntax and negatives. You must ask the question of what defines a security kernel.
A security kernel mediates all accesses to [the kernel], protects it from modification and verifies [the kernel] as correct. Both A and C do what is described for the security kernel.
Does B? Yes, process isolation is result of implementing confinement via the reference monitor.
D would be the correct answer here. Having said that, read the explanation provided by cybervista to see if there is another reason they have posted that B is the correct answer.
I would have chosen D only.