What mechanism does a system use to compare the security labels of a subject and an object?

A.
Validation Module.

B.
Reference Monitor.

C.
Clearance Check.

D.
Security Module.

Explanation:
The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure
that the subjects have the necessary access rights and to protect the objects from unauthorized access and
destructive modification. For a system to achieve a higher level of trust, it must require subjects (programs,
users, processes) to be fully authorized prior to accessing an object (file, program, resource). A subject must
not be allowed to use a requested resource until the subject has proven it has been granted access privileges
to use the requested object. The reference monitor is an access control concept, not an actual physical
component, which is why it is normally referred to as the “reference monitor concept” or an “abstract machine.”
Incorrect Answers:
A: A Validation Module is not what the system uses to compare the security labels of a subject and an object.
C: A Clearance Check is not what the system uses to compare the security labels of a subject and an object.
D: A Security Module is not what the system uses to compare the security labels of a subject and an object.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 362