ISC2 ISSEP Exam - Topic 2 Question 45 Discussion

Trusted computing base (TCB) refers to hardware, software, controls, and processes that cause a

computer system or network to be devoid of malicious software or hardware. Maintaining the

trusted computing base (TCB) is essential for security policy to be implemented successfully.

Answer option C is incorrect. Internet Protocol Security (IPSec) is a standard-based protocol that

provides the highest level of VPN security. IPSec can encrypt virtually everything above the

networking layer. It is used for VPN connections that use the L2TP protocol. It secures both

data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).

Answer option B is incorrect. The Common data security architecture (CDSA) is a set of layered

security services and cryptographic framework.

It deals with the communications and data security problems in the emerging Internet and intranet

application space. It presents an

infrastructure for building cross-platform, interoperable, security-enabled applications for client-

server environments.

Answer option D is incorrect. An application programming interface (API) is an interface

implemented by a software program which enables it

to interact with other software. It facilitates interaction between different software programs similar

to the way the user interface facilitates

interaction between humans and computers. An API is implemented by applications, libraries, and

operating systems to determine their

vocabularies and calling conventions, and is used to access their services. It may include

specifications for routines, data structures, object

classes, and protocols used to communicate between the consumer and the implementer of the API.