Effective CISSP Questions

Which of the following provides the highest level of isolation? (Wentz QOTD)
A. Bounds
B. Containerization
C. Type II hypervisor
D. Preemptive multitasking

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Type II hypervisor.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Software Runtime Environment
Software Runtime Environment

Isolation from Sharing Resources

Isolation is “the ability to keep multiple instances of software separated so that each instance only sees and can affect itself.”

Source: NIST SP 800-190

Processes use various resources such as CPU, memory, storage, network, OS services, etc. To isolate a process so that it won’t affect others requires controlling access to the memory and other resources.

Computer Architecture
Computer Architecture


Bounds here imply the memory bounds imposed upon a process not to access memory segments that belong to others. It provides a basic level of isolation. Processes that share storage, CPU, network, and other resources may still result in race conditions competing for resources.

Memory Layout of a Process
Memory Layout of a Process


Containerization is application virtualization, wherein processes in containers are isolated from most resources but still share the same OS kernel.

Virtual Machine and Container Deployments
Virtual Machine and Container Deployments (Source: NIST SP 800-190)
OS and Application Virtualization
OS and Application Virtualization (Source: NIST SP 800-190)

Type II hypervisor

A type II hypervisor manages virtual machines (VM) running guest OSs based on a host operating system. Processes running on VMs with guest OSs are highly isolated. Two processes deployed on two VMs have a higher level of isolation than on containers.

Hypervisor Types (Source: TechPlayOn)

Preemptive Multitasking

Preemptive multitasking is not an isolation mechanism. However, it typically requires context switching that preserves the CPU state for threads. From this perspective, it can be treated as thread-level isolation in some way.

Context Switching (Source: hcldoc)


以下哪項提供了最高級別的隔離(isolation)? (Wentz QOTD)
A. 界限 (Bounds)
B. 容器化 (Containerization)
C. 類型 II 管理程序 (hypervisor)
D. 先占式多任務處理 (Preemptive multitasking)

1 thought on “CISSP PRACTICE QUESTIONS – 20210803

  1. Pingback: 最高級別的隔離- 第二類類虛擬機器監視器( Type II hypervisor) – Choson資安大小事

Leave a Reply