• Recent
  • Tags
  • Popular
  • Search
Skins
  • Light
  • Default
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Quartz
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Slate
  • Solar
  • Superhero
  • Vapor
Collapse

Should reference monitor provide process isolation, or NOT? Trick question for CISSP exam?

Scheduled Pinned Locked Moved Unsolved Security
4 Posts 4 Posters 158 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    Serkan Bozkurt
    wrote on last edited by
    #1

    Hello,

    I came cross this question on CISSP practice exam and think that the answer is wrong. Any comments?

    Which statements do NOT define the requirements of a security kernel?
    a. The reference monitor should be verified as correct.
    b. The reference monitor should provide process isolation.
    c. The security kernel should be verified in a comprehensive manner.
    d. A method to circumvent the security should be implemented by the reference monitor.

    CyberVista says correct answer is "b and d". But should't it be "d" only? The reference monitor should provide process isolation, isn't it?

    Here is what google's ai think about the subject:
    Both reference monitor and base and limit registers provide process isolation.
    • Reference monitor is a security mechanism that mediates all accesses to objects by subjects. It is a central part of a computer system's security architecture and is responsible for enforcing the system's security policy. Process isolation is one of the security features that the reference monitor provides.
    • Base and limit registers are hardware registers that are used to implement memory protection. They are used to define the boundaries of a process's address space. This prevents processes from accessing each other's memory.
    Both reference monitor and base and limit registers provide process isolation, but they do so in different ways. The reference monitor is a software mechanism that is responsible for enforcing the system's security policy. The base and limit registers are hardware registers that are used to define the boundaries of a process's address space.
    In modern operating systems, both reference monitor and base and limit registers are used to provide process isolation. The reference monitor provides a high-level security policy, while the base and limit registers provide a low-level mechanism for enforcing that policy.
    Here are some of the advantages of using both reference monitor and base and limit registers to provide process isolation:
    • Increased security: Process isolation is a critical security feature that can help to protect computer systems from malicious attacks. By using both reference monitor and base and limit registers, systems can achieve a high level of process isolation.
    • Reduced complexity: Using both reference monitor and base and limit registers can help to reduce the complexity of security mechanisms. This is because the reference monitor can focus on enforcing the system's security policy, while the base and limit registers can focus on providing a low-level mechanism for enforcing that policy.
    • Improved performance: Using both reference monitor and base and limit registers can help to improve the performance of security mechanisms. This is because the reference monitor can be implemented in software, while the base and limit registers can be implemented in hardware.
    Here are some of the disadvantages of using both reference monitor and base and limit registers to provide process isolation:
    • Increased cost: Using both reference monitor and base and limit registers can increase the cost of computer systems. This is because both mechanisms require additional hardware and software.
    • Increased complexity: Using both reference monitor and base and limit registers can increase the complexity of computer systems. This is because both mechanisms add additional complexity to the system's architecture.
    • Reduced flexibility: Using both reference monitor and base and limit registers can reduce the flexibility of computer systems. This is because both mechanisms can limit the types of applications that can be run on the system.
    Overall, using both reference monitor and base and limit registers to provide process isolation can help to improve the security of computer systems. However, it is important to weigh the costs and benefits of using both mechanisms before making a decision.

    1 Reply Last reply
  • S Serkan Bozkurt marked this topic as a question on
  • wes-bryanW Offline
    wes-bryanW Offline
    wes-bryan Moderators
    wrote on last edited by
    #2

    @Serkan-Bozkurt it does seem that in the context of this question and the information provided, that answer "b" is not correct. Maybe someone else can chime in on this as well.

    Best Regards,
    Wes Bryan

    Knowledge is a road to be traveled upon, not a destination to be reached~~

    1 Reply Last reply
  • Ronnie WongR Offline
    Ronnie WongR Offline
    Ronnie Wong
    wrote on last edited by
    #3

    So the conundrum here as to do with syntax and negatives. You must ask the question of what defines a security kernel.
    A security kernel mediates all accesses to [the kernel], protects it from modification and verifies [the kernel] as correct. Both A and C do what is described for the security kernel.

    Does B? Yes, process isolation is result of implementing confinement via the reference monitor.

    D would be the correct answer here. Having said that, read the explanation provided by cybervista to see if there is another reason they have posted that B is the correct answer.

    I would have chosen D only.

    Cordially,
    Ronnie Wong
    Director of Content Development, ACI Learning
    *if the post has answered the question, mark as solved.
    **All responses are "as is" and my opinion. There is no implied service, support, or guarantee by ACI Learning.

    1 Reply Last reply
  • J Offline
    J Offline
    John Truong
    wrote on last edited by
    #4

    B is correct answer because the question asked "not".

    1 Reply Last reply

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Recent
  • Tags
  • Popular
  • Search
  • Login
  • Don't have an account? Register
  • Login or register to search.