Which of the following security controls works as the totality of protection mechanisms within a
computer system, including hardware, firmware, and software, the combination of which is
responsible for enforcing a security policy?

A.
Common data security architecture (CDSA)

B.
Application program interface (API)

C.
Trusted computing base (TCB)

D.
Internet Protocol Security (IPSec)

Explanation:
Trusted computing base (TCB) refers to hardware, software, controls, and
processes that cause a computer system or network to be devoid of malicious software or
hardware. Maintaining the trusted computing base (TCB) is essential for security policy to be
everything above the networking layer. It is used for VPN connections that use the L2TP protocol.
It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol
security services and cryptographic framework. It deals with the communications and data security
problems in the emerging Internet and intranet application space. It presents an infrastructure for
building cross-platform, interoperable, security-enabled applications for client-server
implemented by a software program which enables it to interact with other software. It facilitates
interaction between different software programs similar to the way the user interface facilitates
interaction between humans and computers. An API is implemented by applications, libraries, and
operating systems to determine their vocabularies and calling conventions, and is used to access
their services. It may include specifications for routines, data structures, object classes, and
protocols used to communicate between the consumer and the implementer of the API.