Exam CISSP Topic 2 Question 210 Discussion

Actual exam question for ISC's CISSP exam
Question #: 210
Topic #: 2

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

A. Quality design principles to ensure quality by design B. Policies to validate organization rules C. Cyber hygiene to ensure organizations can keep systems healthy D. Strong operational security to keep unit members safe

Suggested Answer: D Vote an answer

The purpose of the reference monitor when defining access control to enforce the security model is to provide strong operational security to keep unit members safe. The reference monitor is an abstract concept that represents the mechanism that mediates all access requests between subjects and objects, and enforces the security policy defined by the security model. The reference monitor should be tamper-proof, always invoked, and verifiable. The reference monitor should ensure that only authorized and legitimate access requests are granted, and that any unauthorized or malicious access requests are denied or logged. The reference monitor should also protect the confidentiality, integrity, and availability of the system and the data. Quality design principles to ensure quality by design, policies to validate organization rules, and cyber hygiene to ensure organizations can keep systems healthy are not the purpose of the reference monitor, but rather the goals or the outcomes of the security program. References: CISSP CBK Reference, 5th Edition, Chapter 5, page
265; CISSP All-in-One Exam Guide, 8th Edition, Chapter 5, page 237

by whitebeard pirate at May 20, 2024, 02:14 PM

Limited Time Offer

15%

Off

Get Premium CISSP Questions as Interactive Self Test Engine or PDF

Comments

whitebeard pirate

2024-05-20 14:14:57

B. Policies to validate organization rules
Enforcement of Access Control Policies: The reference monitor ensures that all access to data and resources is authorized according to predefined security policies. It validates every access request against these policies, ensuring that only authorized subjects can access or modify objects.

upvoted 1 times

...

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.