Effective CISSP Questions

Virtualization is one of the most crucial technologies that enable isolation. You are deploying two applications. Which of the following isolation provides the highest isolation that separates instances of operating system kernel? (Wentz QOTD)
A. Containerization
B. Memory bounds
C. Interpreter as a sandbox
D. Hypervisor

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Hypervisor.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Virtual Machine and Container Deployments
Virtual Machine and Container Deployments (Source: NIST SP 800-190)

The hypervisor is the virtual machine manager as shown in the above picture. A guest VM hosts a separate instance of OS, while a container shares the OS kernel with other containers.

Memory bounds are a common OS memory management mechanism or computer language construct that restrict a process’s memory access.

Memory Layout of a Process
Memory Layout of a Process

An interpreter can be viewed as a sandbox that confines a script’s behavior. For example, a browser is a good example of an interpreter as a sandbox for JavaScript.

Software Runtime Environment
Software Runtime Environment


虛擬化是實現隔離的最關鍵技術之一。 您正在部署兩個應用程序。 以下哪個隔離涉及分隔操作系統內核實例並提供最高的隔離效果? (Wentz QOTD)
A. 容器化 (Containerization)
B. 內存限制 (Memory bounds)
C. 解釋器作為沙箱 (Interpreter as a sandbox)
D. 超級監督者(Hypervisor)

2 thoughts on “CISSP PRACTICE QUESTIONS – 20210903

  1. Pingback: 虛擬機器監視器(Hypervisor) – Choson資安大小事

Leave a Reply