Which term describes CPU extensions that protect data stored in system memory so that an untrusted process cannot read it?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes CPU extensions that protect data stored in system memory so that an untrusted process cannot read it?

Explanation:
The answer is Secure Enclave. The question describes CPU extensions that create a secure, isolated execution area: an enclave is a region of memory that the processor itself reserves and protects, in which security-sensitive code runs and secrets are kept away from the rest of the system. Depending on the design it is either a protected region of the main CPU's address space (the CPU enclave extensions the question refers to) or a dedicated, tamper-resistant coprocessor with its own memory. In both cases the CPU's security architecture enforces access control on that memory (commodity implementations also keep it encrypted in DRAM), so software outside the enclave, including a compromised operating system or hypervisor, cannot read or tamper with the data inside it. That is exactly what the question asks for: protection of data held in system memory against an untrusted process. One caveat worth remembering: an enclave protects the confidentiality and integrity of its memory against other software; it does not by itself defend against hardware side channels or against a malicious host refusing to run it.

The other terms do not fit. A hardware module such as a TPM is a root of trust that stores keys and measurements for attestation and recovery; it does not isolate running program memory. Data in transit refers to information moving between devices or components over a network or bus, not memory protection on the host. Escrow means holding keys or credentials with a trusted third party for recovery, not runtime memory protection.
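A practical check that follows from the explanation above, added here as an example and not part of the exam page: the commodity CPU extensions that implement this kind of memory isolation are Intel SGX (enclaves) and AMD SME/SEV (memory encryption), and each advertises itself through documented CPUID feature bits. The program below decodes those bits from raw register values (so the decoder can be exercised with constructed inputs) and then queries the live CPU. The mapping of the question's generic "Secure Enclave" to SGX and SEV is this example's assumption; the bit positions are the ones documented in the Intel SDM and AMD APM.

```c
/* Added example (not from the exam page): report whether an x86 CPU
 * advertises the memory-isolation extensions the question refers to,
 * Intel SGX (enclaves) and AMD SME/SEV (memory encryption), by reading
 * CPUID feature bits. decode_caps() is pure and takes raw register
 * values; probe_live_cpu() reads the real CPU. Assumption: the generic
 * term "Secure Enclave" in the question maps to these two families. */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Feature bits as documented in the Intel SDM and AMD APM. */
#define SGX_LEAF7_EBX        (1u << 2) /* CPUID.(EAX=7,ECX=0):EBX[2]   SGX     */
#define SGX1_LEAF12_EAX      (1u << 0) /* CPUID.(EAX=0x12,ECX=0):EAX[0] SGX1   */
#define SGX2_LEAF12_EAX      (1u << 1) /* CPUID.(EAX=0x12,ECX=0):EAX[1] SGX2   */
#define SME_EXT1F_EAX        (1u << 0) /* CPUID.(EAX=0x8000001F):EAX[0] SME    */
#define SEV_EXT1F_EAX        (1u << 1) /* CPUID.(EAX=0x8000001F):EAX[1] SEV    */
#define SEV_ES_EXT1F_EAX     (1u << 3) /* CPUID.(EAX=0x8000001F):EAX[3] SEV-ES */
#define SEV_SNP_EXT1F_EAX    (1u << 4) /* CPUID.(EAX=0x8000001F):EAX[4] SEV-SNP*/

struct mem_isolation_caps {
    int sgx, sgx1, sgx2;           /* Intel enclave support            */
    int sme, sev, sev_es, sev_snp; /* AMD memory-encryption features   */
};

/* Decode the three relevant registers. Leaf 0x12 is only defined when
 * leaf 7 advertises SGX, so its bits are ignored otherwise. */
struct mem_isolation_caps decode_caps(uint32_t leaf7_ebx,
                                      uint32_t leaf12_eax,
                                      uint32_t ext1f_eax)
{
    struct mem_isolation_caps c = {0, 0, 0, 0, 0, 0, 0};
    c.sgx = (leaf7_ebx & SGX_LEAF7_EBX) != 0;
    if (c.sgx) {
        c.sgx1 = (leaf12_eax & SGX1_LEAF12_EAX) != 0;
        c.sgx2 = (leaf12_eax & SGX2_LEAF12_EAX) != 0;
    }
    c.sme     = (ext1f_eax & SME_EXT1F_EAX) != 0;
    c.sev     = (ext1f_eax & SEV_EXT1F_EAX) != 0;
    c.sev_es  = (ext1f_eax & SEV_ES_EXT1F_EAX) != 0;
    c.sev_snp = (ext1f_eax & SEV_SNP_EXT1F_EAX) != 0;
    return c;
}

/* Query the running CPU. Returns 1 on success, 0 when CPUID is not
 * available (non-x86 build). A set bit means the silicon has the
 * feature; firmware must still enable it and the kernel must expose it
 * (for SGX on Linux that is /dev/sgx_enclave). */
int probe_live_cpu(struct mem_isolation_caps *out)
{
#if HAVE_CPUID
    unsigned int a = 0, b = 0, c = 0, d = 0;
    uint32_t leaf7_ebx = 0, leaf12_eax = 0, ext1f_eax = 0;

    /* __get_cpuid_count returns 0 if the leaf is above the CPU's maximum. */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        leaf7_ebx = b;
    if (leaf7_ebx & SGX_LEAF7_EBX) {
        a = b = c = d = 0;
        if (__get_cpuid_count(0x12, 0, &a, &b, &c, &d))
            leaf12_eax = a;
    }
    a = b = c = d = 0;
    if (__get_cpuid_count(0x8000001F, 0, &a, &b, &c, &d))
        ext1f_eax = a;

    *out = decode_caps(leaf7_ebx, leaf12_eax, ext1f_eax);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    struct mem_isolation_caps caps;
    if (!probe_live_cpu(&caps)) {
        puts("CPUID not available on this architecture");
        return 1;
    }
    printf("Intel SGX: %s (SGX1=%d SGX2=%d)\n", caps.sgx ? "yes" : "no",
           caps.sgx1, caps.sgx2);
    printf("AMD SME=%d SEV=%d SEV-ES=%d SEV-SNP=%d\n", caps.sme, caps.sev,
           caps.sev_es, caps.sev_snp);
    return 0;
}
```

A set bit is necessary but not sufficient: inside a virtual machine the hypervisor usually hides SGX, and on bare metal the BIOS can leave it disabled, so pair this with an OS-level check before assuming enclave memory is available.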
