Domain 3 Exam.
A minimum of 70% is required to pass.
#1. Which of the following is an incorrect description of steganography?
〇:The most common method used is to change the most significant bit.
Steganography is a method of hiding data in other media types. One of the most common ways to embed messages in some types of media is using the least significant bit (LSB). This is because many types of files are modified and this is where sensitive data can be made visible and hidden without modifying the file. the LSB approach has been successful in hiding information within the graphics of high-resolution or sound-heavy audio files (high bit rate).
×:Hiding by abstraction.
Steganography is incorrect because it is concealment by abstraction. Security by obscurity means that someone uses secrecy as a way to protect an asset, rather than actually using the measure to secure something.
×:Just as encryption does, steganography is not a front for the existence of the sensitive data itself.
It is true that steganography does not draw attention to itself as does encryption. In other words, it is concealment by abstraction.
×:Media files are ideal for steganographic transmissions that are large in size.
This is incorrect because it is true that larger media files are ideal for steganographic transmissions because everyone needs to privately use multiple bits to manipulate with low likelihood of noticing.
#2. We are looking to move to a cloud-based solution to eliminate the increasing cost of maintaining our own server network environment. Which of the following is the correct definition and mapping of a typical cloud-based solution to choose?
〇:The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.
Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.
There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer
×:The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.
IaaS Description.
×:The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.
This is a description of the operational benefits of cloud computing. It is not a definition.
×:The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.
SaaS Description.
#3. Insider trading can occur through the unintentional transmission of information. Which of the following access control models is most appropriate to prepare for such an eventuality?
〇:Brewer-Nash Model
The Chinese Wall Model is a security model that focuses on the flow of information within an organization, such as insider trading. Insider trading occurs when inside information leaks to the outside world. In reality, information can spread to unexpected places as it is passed on orally to unrelated parties. In order to take such information flow into account, access privileges are determined in a simulation-like manner. Therefore, the correct answer is the “Chinese Wall Model (Brewer-Nash Model).
×:Lattice-based Access Control
Lattice-based access control is to assume that a single entity can have multiple access rights and to consider access control as all possible relationships under a certain condition.
×:Biba Model
The Biba model is a security model that indicates that data cannot be changed without permission.
×:Harrison-Ruzzo-Ullman Model
The Harrison-Ruzzo-Ullman model is a model that aggregates the eight rules of the Graham-Denning model into six rules using an access control matrix.
#4. Which of the following comes closest to defining a virtual machine?
#5. The Trusted Computing Base (TCB) ensures security within the system when a process in one domain needs to access another domain to obtain sensitive information. What functions does the TCB perform to ensure this is done in a secure manner?
〇:Execution Domain Switching
Execution domain switching occurs when the CPU needs to move between executing instructions for a more trusted process versus a less trusted process. Trusted Computing Base (TCB) allows processes to switch domains in a secure manner to access different levels of information based on sensitivity. Execution domain switching occurs when a process needs to invoke a process in a higher protection ring. The CPU executes the user-mode instruction back into privileged mode.
At first glance, this is a geeky problem that does not make sense. But don’t give up. Since there is no such thing as skipping, you can only get a right or wrong answer when the question is posed, so it is preferable to answer the question with some degree of prediction.
From this point on, let’s consider how to answer the questions. If you look at the question text and read it to the point where it reads, “You moved from one area to the other, and that was a security breach?” If you can read to that point, then you have two choices: deny or “stop the process,” or change or “switch the domain of execution. Next, the question text reads “if you need to access it,” which is asking how to accomplish this objective, not whether or not you should.
×:Execution of I/O operations
This is incorrect because input/output (I/O) operations are not initiated to ensure security when a process in one domain needs to access another domain in order to retrieve sensitive information. I/O operations are performed when input devices (such as a mouse or keyboard) and output devices (such as a monitor or printer, etc.) interact with an application or applications.
×:Stopping a Process
A process deactivation is one that occurs when a process instruction is fully executed by the CPU or when another process with a higher priority calls the CPU, which is incorrect. When a process is deactivated, new information about the new requesting process must be written to a register in the CPU. The TCB component must ensure that this is done, since the data replaced in the registers may be confidential.
×:Mapping from virtual memory to real memory
Incorrect because memory mapping occurs when a process needs its instructions and data processed by the CPU. The memory manager maps logical addresses to physical addresses so that the CPU knows where to place the data. This is the responsibility of the operating system’s memory manager.
#6. Mandy needs to generate keys for 260 employees using the company’s asymmetric algorithm. How many keys will be needed?
In an asymmetric algorithm, every user must have at least one key pair (private and public key). In a public key system, each entity has a separate key. The formula for determining the number of keys needed in this environment is by the number N × 2, where N is the number of people to distribute. In other words, 260 x 2 = 520. Therefore, the correct answer is 520.
#7. What should I use for streaming ciphers?
〇:One-time pad
Stream ciphers refer to one-time pad technology. In practice, stream ciphers cannot provide the level of protection that one-time pads do, but are practical.
×:AES
AES is incorrect because it is a symmetric block cipher. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits.
×:Block ciphers
Block ciphers are used for encryption and decryption purposes. The message is wrong because it is divided into blocks of bits.
×:RSA
RSA is incorrect because it is an asymmetric algorithm.
#8. Which security architecture model defines how to securely develop access rights between subjects and objects?
〇:Graham-Denning Model
The Graham-Denning model addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a basic set of rights in terms of the commands that a particular subject can execute on an object. The model has eight basic protective rights or rules on how to safely perform these types of functions
×:Brewer-Nash Model
It is incorrect because its purpose is to provide access control that can be changed dynamically according to the user’s previous actions. The main purpose is to protect against conflicts of interest due to user access attempts. For example, if a large marketing firm provides marketing promotions and materials for two banks, the employee responsible for the Bank A project should not be able to see information about Bank B, the marketing firm’s other bank customer. A conflict of interest could arise because the banks are competitors. If the project manager of the marketing firm’s Project A can see information about Bank B’s new marketing campaign, he may attempt to execute it rather than promote it to please more direct customers. Marketing firms have a bad reputation when internal employees can act irresponsibly.
×:Clark-Wilson Model
The Clark-Wilson model is incorrect because it is implemented to protect data integrity and ensure that transactions are properly formatted within the application. Subjects can only access objects through authorized programs. Segregation of duties is enforced. Auditing is required. The Clark-Wilson model addresses three integrity goals: preventing changes by unauthorized users, preventing inappropriate changes by unauthorized users, and maintaining internal and external consistency.
×:Bell-LaPadula Model
This model was developed to address concerns about the security of U.S. military systems and the leakage of classified information, and is incorrect. The primary goal of the model is to prevent unauthorized access to classified information. It is a state machine model that enforces the confidentiality aspect of access control. Matrices and security levels are used to determine if a subject has access to different objects. Specific rules are applied to control how objects interact with each other compared to the subject’s object classification.
#9. Which of the following correctly describes the relationship between the reference monitor and the security kernel?
〇:The security kernel implements and executes the reference monitor
The Trusted Computing Base (TCB) is a complete combination of protection mechanisms for a system. These are in the form of hardware, software, and firmware. These same components also comprise the security kernel. Reference monitors are access control concepts implemented and enforced by the security kernel via hardware, software, and firmware. In doing so, it ensures that the security kernel, the subject, has the proper permissions to access the object it is requesting. The subject, be it a program, user, or process, cannot access the requesting file, program, or resource until it is proven that it has the proper access rights.
×:The reference monitor is the core of the Trusted Computing Base (TCP), which is comprised of the security kernel.
This is incorrect because the reference monitor is not the core of the TCB. The core of the TCB is the security kernel, and the security kernel implements the concepts of the reference monitor. The reference monitor is a concept about access control. It is often referred to as an “abstract machine” because it is not a physical component.
×:The reference monitor implements and executes the security kernel.
The reference monitor does not implement and execute the security kernel, which is incorrect. On the contrary, the security kernel implements and executes the reference monitor. The reference monitor is an abstract concept, while the security kernel is a combination of hardware, software, and firmware in a trusted computing base.
×:The security kernel, i.e., the abstract machine, implements the concept of a reference monitor.
This is incorrect because abstract machine is not another name for security kernel. Abstract machine is another name for the reference monitor. This concept ensures that the abstract machine acts as an intermediary between the subject and the object, ensuring that the subject has the necessary rights to access the object it is requesting and protecting the subject from unauthorized access and modification. The security kernel functions to perform these activities.
#10. Lacy’s manager assigned her to research intrusion detection systems for the new dispatching center. Lacey identifies the top five products and compares their ratings. Which of the following is the most used evaluation criteria framework today for this purpose?
〇:Common Criteria
Common Criteria was created in the early 1990s as a way to combine the strengths of both the Trustworthy Computer Systems Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) and eliminate their weaknesses. Common Criteria is more flexible than TCSEC and easier than ITSEC. Common Criteria is recognized worldwide and assists consumers by reducing the complexity of assessments and eliminating the need to understand the definitions and meanings of different assessments in different assessment schemes. This also helps manufacturers because they can now build a specific set of requirements when they want to market their products internationally, rather than having to meet several different evaluation criteria under different rules and requirements.
×:ITSEC
This is incorrect because it is not the most widely used information technology security evaluation standard. ITSEC was the first attempt to establish a single standard for evaluating the security attributes of computer systems and products in many European countries. In addition, ITSEC separates functionality and assurance in its evaluations, giving each a separate rating. It was developed to provide greater flexibility than TCSEC and addresses integrity, availability, and confidentiality in networked systems. The goal of ITSEC was to become the global standard for product evaluation, but it failed to achieve that goal and was replaced by Common Criteria.
×:Red Book
Wrong, as it is a U.S. government publication that addresses the topic of security evaluation of networks and network components. Formally titled Trusted Network Interpretation, it provides a framework for protecting different types of networks. Subjects accessing objects on the network must be controlled, monitored, and audited.
×:Orange Book
Incorrect as this is a U.S. Government publication that addresses government and military requirements and expectations for operating systems. The Orange Book is used to evaluate whether a product is suitable for the security characteristics and specific applications or functions required by the vendor. The Orange Book is used to review the functionality, effectiveness, and assurance of the product under evaluation, using classes designed to address typical patterns of security requirements. It provides a broad framework for building and evaluating trusted systems, with an emphasis on controlling which users have access to the system. We call it the Orange Book, but another name for it is Trusted Computer System Evaluation Criteria (TCSEC).
#11. Symmetric ciphers include stream ciphers and block ciphers. Which of the following is not a suitable characteristic of stream ciphers?
〇:Statistically predictable
The two main types of symmetric algorithms are block ciphers and stream ciphers. Block ciphers perform a mathematical function on a block of bits at a time. Stream ciphers do not divide the message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs the mathematical function on each bit individually. If it were statistically predictable, it would not be a practical encryption technique in the first place.
×:Statistically Fair Keystreams
Statistically fair keystreams are an element of good stream ciphers. Therefore, it is incorrect. Another way to say a statistically unbiased keystream is that it is a highly random keystream that is difficult to predict.
×:The repetitive pattern of bit strings treated in a keystream is long.
Another way to say the randomness of a keystream is that it is highly random, with long repetitions = rarely repeated = highly random.
×:The keystream is irrelevant to the key.
A keystream that is not related to a key is an element of a good stream cipher. Therefore, it is incorrect. This is important because the key provides the randomness of the encryption process.
#12. You have been instructed to report to the Board of Directors with a vendor-neutral enterprise architecture framework that will help reduce fragmentation due to inconsistencies between IT and business processes. Which of the following frameworks should you propose?
〇:TOGAF
The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.
×:Department of Defense Architecture Framework (DoDAF)
In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.
×:Capability Maturity Model Integration (CMMI) during software development.
It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.
×:ISO/IEC 42010
Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.
#13. Virtual storage combines RAM for system memory and secondary storage. Which of the following is a security concern regarding virtual storage?
〇:Multiple processes are using the same resources.
The system uses hard drive space (called swap space) that is reserved to expand RAM memory space. When the system fills up volatile memory space, data is written from memory to the hard drive. When a program requests access to this data, it is returned from the hard drive to memory in specific units called page frames. Accessing data stored on hard drive pages takes longer than accessing data stored in memory because it requires read/write access to the physical disk. A security issue with using virtual swap space is that two or more processes can use the same resources and corrupt or damage data.
×:Allowing cookies to remain persistent in memory
This is incorrect because virtual storage is not associated with cookies. Virtual storage uses hard drive space to extend RAM memory space. Cookies are small text files used primarily by web browsers. Cookies can contain credentials for web sites, site preferences, and shopping history. Cookies are also commonly used to maintain web server-based sessions.
×:Side-channel attacks are possible.
Side-channel attacks are incorrect because they are physical attacks. This type of attack gathers information about how a mechanism (e.g., smart card or encryption processor) works from abandoned radiation, time spent processing, power consumed to perform a task, etc. Using the information, reverse engineer the mechanism to reveal how it performs its security task. This is not related to virtual storage.
×:Two processes can perform a denial of service attack.
The biggest threat within a system where resources are shared between processes is that one process can adversely affect the resources of another process, since the operating system requires memory to be shared among all resources. This is especially true in the case of memory. It is possible for two processes to work together to perform a denial of service attack, but this is only one of the attacks that can be performed with or without the use of virtual storage.
#14. Which of the following best describes the difference between a firewall embedded in a hypervisor and a virtual firewall operating in bridge mode?
〇:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.
Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.
A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.
#15. Which of the following is an incorrect benefit of virtualization?
〇:Operating system patching is easier.
This is an incorrect choice question. Virtualization does not simplify operating system patching. In fact, it complicates it by adding at least one additional operating system. Each operating system differs from the typical version configuration, adding to the complexity of patching. The server’s own operating system runs as a guest within the host environment. In addition to patching and maintaining the traditional server operating system, the virtualization software itself must be patched and maintained.
For this question, we do not require an understanding of all the technical systems of virtualization. What is required here is a selection of answers based on a process of elimination.
×:I can build a secure computing platform.
Building a secure computing platform may not be a feature of virtualization per se. However, can we build a secure environment? This is not a false choice because it cannot be ruled out.
×:It can provide fault and error containment.
Virtualization can be host independent. In terms of containment, it can be interpreted as being able to provide fault and error containment through independence from physical servers. Therefore, it cannot be denied and is therefore not an incorrect choice.
×:It can provide powerful debugging capabilities.
Virtualization can reproduce a unique environment, not just put up a clean virtual host. Therefore, it is undeniable and therefore out of the wrong choice.
#16. Which microprocessor technology has also been linked to facilitating certain attacks?
〇:Increased Processing Power
The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.
×:Increased circuitry, cache memory, and multiprogramming
This is incorrect because an increase does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.
×:Dual-mode computation
The answer is not specific and does not measure conformance to the problem. When examining microprocessor advances, there is no actual dual-mode calculation.
×:Direct Memory Access I/O
Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.
#17. Elliptic curve cryptography is an asymmetric algorithm. What are its advantages over other asymmetric algorithms?
〇:Encryption and decryption are more efficient.
Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. Elliptic curve cryptography (ECC) differs from other asymmetric algorithms because of its efficiency; ECC is efficient because it is computationally less expensive than other asymmetric algorithms. In most cases, the longer the key, the more bloated the computation to secure it, but ECC can provide the same level of protection with a shorter key size than RSA requires.
×:Provides digital signatures, secure key distribution, and encryption.
ECC is wrong because it is not the only asymmetric algorithm that provides digital signatures, secure key distribution, and encryption provided by other asymmetric algorithms such as RSA.
×:Calculated in finite discrete logarithms.
Wrong because Diffie-Hellman and El-Gamal compute with finite discrete logarithms.
×:Uses a large percentage of resources to perform the encryption.
Incorrect because ECC when compared to other asymmetric algorithms uses much less resources. Some devices, such as wireless devices and cell phones, have limited processing power, storage, power, and bandwidth. Resource utilization efficiency is very important for the encryption methods used in this type.
#18. Sally has performed software analysis against her company’s proprietary applications. She has found that it is possible to force an authentication step to take place before the attacker has successfully completed the authentication procedure. What could be the cause?
〇:Conflict condition
A race condition is present when a process performs a task on a shared resource and the sequence could be in the wrong order. 2 or more processes can have a race condition if they use a shared resource, like data in a variable. It is important that processes perform their functions in the correct sequence.
×:Backdoors
Backdoors are incorrect because they are “listening” services on certain ports. Backdoors are implemented by attackers to allow easy access to the system without authenticating as a normal system user.
×:Maintenance Hooks
Maintenance hooks are specific software codes that allow easy and unauthorized access to sensitive parts of a software product. Software programmers use maintenance hooks to allow them to get quick access to the code so that they can make fixes in immediate, but this is dangerous.
×:Data validation errors
Data validation errors are wrong because an attacker cannot operate on the process execution sequence.
#19. David is preparing the server room for the new branch office. He wants to know what locking mechanism should be used for the primary and secondary server room entry doors?
〇:Primary entry doors should have controlled access via swipe card or cryptographic locks. Secondary doors should not be secured from the inside and allowed entry.
Data centers, server rooms, and wiring closets should be located in the core areas of the facility, near wiring distribution centers. Strict access control mechanisms and procedures should be implemented for these areas. Access control mechanisms can lock smart card readers, biometric readers, or a combination of these. These restricted areas should have only one access door, but fire code requirements typically dictate that there must be at least two doors in most data centers and server rooms. Only one door should be used for daily entry and exit and the other door should be used only in case of an emergency, i.e., if a fire breaks out in a data center or server room, the door should be locked. This second door should not be an access door, meaning people should not be able to come through this door. It should be locked, but should have a panic bar that will release the lock if it is used as an exit, pushed from the inside.
×:The primary and secondary entry doors must have control access via swipe cards or cryptographic locks.
This is incorrect because even two entry doors should not be allowed to pass through with the identification, authentication, and authorization process. There should only be one entry point into the server room. No other door should provide an entry point, but can be used for an emergency exit. Therefore, secondary doors should be protected from the inside to prevent intrusion.
×:The primary entry door should have controlled access via a guard. Two doors should not be secured from the inside and allowed entry.
The main entry door to the server room is incorrect as it requires an identification, authentication, and authorization process to be performed. Swipe cards and cryptographic locks perform these functions. Server rooms should ideally not be directly accessible from public areas such as stairways, hallways, loading docks, elevators, and restrooms. This helps prevent foot traffic from casual passersby. Those who are by the door to the area to be secured should have a legitimate reason for being there, as opposed to those on the way to the meeting room, for example.
×:The main entry door must have controlled access via swipe card or crypto lock. Two doors must have security guards.
Two doors should not have security guards, because it is wrong. The door should be protected from the inside simply so it cannot be used as an entry. Two-door must function as an emergency exit.
#20. Which of the following is NOT a role of the memory manager?
〇:Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.
This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.
In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.
There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.
×:If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.
If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.
×:Restrict processes to interact only with the memory segments allocated to them.
The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.
×:Swap contents from RAM to hard drive as needed.
This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.