Certified Information Systems Security Professional (CISSP) — Question 433

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

Answer options

• A. Strong operational security to keep unit members safe
• B. Policies to validate organization rules
• C. Cyber hygiene to ensure organizations can keep systems healthy
• D. Quality design principles to ensure quality by design

Correct answer: B

Explanation

The reference monitor's main role is to enforce access control policies that validate organizational rules, making option B the correct choice. Options A, C, and D, while relevant to security and operational integrity, do not specifically address the function of the reference monitor in relation to access control.