PrepAway - Latest Free Exam Questions & Answers

Which of the following is the mechanism that is missing in this graphic?

There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic?


A. Trusted computing base

B. Security perimeter

C. Reference monitor

D. Domain

Explanation:
C: The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights
and to protect the objects from unauthorized access and destructive modification. For a system to achieve a high level of trust, it must require subjects (programs, users,
or processes) to be fully authorized prior to accessing an object (file, program, or resource). A subject must not be allowed to use a requested resource until the subject
has proven it has been granted access privileges to use the requested object. The reference monitor is an access control concept, not an actual physical component,
which is why it is normally referred to as the “reference monitor concept” or an “abstract machine.” The reference monitor is the access control concept, and the code
that actually enforces this concept is the security kernel.
A is incorrect because a security perimeter is a boundary that divides the trusted from the untrusted process access requests within software. The trusted processes
within a system are referred to as being within the trusted computing base (TCB). The TCB is defined as the total combination of protection mechanisms within a
computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure these components will enforce the
security policy and not violate it. Not all components need to be trusted, and therefore not all components fall within the TCB. The security perimeter is the demarcation
between what is within the TCB, the trusted processes, and what is not, the untrusted processes.
B is incorrect because not every process and resource falls within the TCB, so some of these components fall outside of an imaginary boundary referred to as the
security perimeter. A security perimeter is a boundary that divides the trusted from the untrusted. For the system to stay in a secure and trusted state, precise
communication standards must be developed to ensure that when a component within the TCB needs to communicate with a component outside the TCB, the
communication cannot expose the system to unexpected security compromises. This type of communication is handled and controlled through interfaces. The security
perimeter is a concept that helps enforce this type of security.
D is incorrect because a domain is defined as a set of objects that a subject is able to access. This domain can be all the resources a user can access, all the files
available to a program, the memory segments available to a process, or the services and processes available to an application. A subject needs to be able to access
and use objects (resources) to perform tasks, and the domain defines which objects are available to the subject and which objects are untouchable and therefore
unusable by the subject. A common implementation of a domain is a networked Windows environment. Resources are logically partitioned within the network to ensure
subjects can only access these resources.
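
To make the explanation concrete, here is an added sketch (not part of the original question or its answer key) of a tiny security kernel that enforces the reference monitor concept: every request goes through one `access()` call, anything outside the subject's domain is denied, and every decision is recorded. The class, subject and object names are hypothetical and the data is constructed.

```python
class AccessDenied(Exception):
    """Raised when a subject requests an object or right outside its domain."""


class SecurityKernel:
    """Hypothetical enforcement code for the reference monitor concept."""

    def __init__(self):
        self._objects = {}   # protected objects, reachable only through access()
        self._domains = {}   # subject -> {object name: set of granted rights}
        self.audit = []      # one record per decision, allowed or denied

    def create_object(self, name, data):
        self._objects[name] = data

    def grant(self, subject, obj, *rights):
        self._domains.setdefault(subject, {}).setdefault(obj, set()).update(rights)

    def domain(self, subject):
        """The set of objects the subject is able to access."""
        return set(self._domains.get(subject, {}))

    def access(self, subject, obj, right, new_data=None):
        # Decide first: the object is not touched until the subject has been
        # shown to hold the requested right. Unknown subjects, objects and
        # rights all fall through to denial (default deny).
        granted = self._domains.get(subject, {}).get(obj, set())
        allowed = obj in self._objects and right in granted and right in ("read", "write")
        self.audit.append((subject, obj, right, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise AccessDenied(f"{subject} may not {right} {obj}")
        if right == "write":
            self._objects[obj] = new_data
        return self._objects[obj]


def build_demo_kernel():
    """Constructed sample subjects and objects, for illustration only."""
    kernel = SecurityKernel()
    kernel.create_object("payroll.db", "constructed sample records")
    kernel.create_object("audit.log", "constructed sample log")
    kernel.grant("payroll_app", "payroll.db", "read", "write")
    kernel.grant("backup_proc", "payroll.db", "read")
    return kernel
```

The denied write leaves the object unchanged because the decision is made before the object is touched, which is the "fully authorized prior to accessing an object" requirement from the explanation.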

One Comment on “Which of the following is the mechanism that is missing in this graphic?”

  1. joe says:

    The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights
    and to protect the objects from unauthorized access and destructive modification.

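    The reference monitor is an abstract machine that mediates all access that subjects have to objects, both ensuring that subjects have the necessary access rights and protecting objects from unauthorized access and destructive modification.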



