A security kernel is responsible for enforcing a security policy. It is a strict
implementation of a reference monitor mechanism. The architecture of a kernel operating
system is typically layered, and the kernel should be at the lowest and most primitive level.
It is a small portion of the operating system through which all references to information and
all changes to authorizations must pass. In theory, the kernel implements access control
and information flow control between implemented objects according to the security policy.
To be secure, the kernel must meet three basic conditions:
completeness (all accesses to information must go through the kernel),
isolation (the kernel itself must be protected from any type of unauthorized access),
and verifiability (the kernel must be proven to meet design specifications).
The reference monitor, as noted previously, is an abstraction, but there may be a reference
validator, which usually runs inside the security kernel and is responsible for performing
security access checks on objects, manipulating privileges, and generating any resulting
security audit messages.
A term associated with security kernels and the reference monitor is the trusted computing
base (TCB). The TCB is the portion of a computer system that contains all elements of the
system responsible for supporting the security policy and the isolation of objects. The
security capabilities of products for use in the TCB can be verified through various
evaluation criteria, such as the earlier Trusted Computer System Evaluation Criteria
(TCSEC) and the current Common Criteria standard.
Many of these security terms-reference monitor, security kernel, TCB-are defined
loosely by vendors for purposes of marketing literature. Thus, it is necessary for security
professionals to read the small print and between the lines to fully understand what the
vendor is offering in regard to security features.
TIP FOR THE EXAM:
The terms Security Kernel and Reference monitor are synonymous but at different levels.
As it was explained by Diego:
While the Reference monitor is the concept, the Security kernel is the implementation of
such concept (via hardware, software and firmware means).
The two terms are the same thing, but on different levels: one is conceptual, one is
"technical"
The following are incorrect answers:
Confidentiality, Integrity, and Availability
Policy, mechanism, and assurance
Isolation, layering, and abstraction
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 13858-13875). Auerbach Publications. Kindle
Edition.

Explanation/Reference:
RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 153).

Section: Risk, Response and Recovery
Explanation/Reference:
A threat is an event or activity that has the potential to cause harm to the information systems. A risk is the probability that a threat will materialize. A vulnerability, or weakness, is a lack of a safeguard, which may be exploited by a threat, causing harm to the information systems.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Access Control Systems (page 32).

Explanation/Reference:
Operational controls are controls over the hardware, the media used and the operators using these resources.
Operational controls are controls that are implemented and executed by people, they are most often procedures.
Backup and recovery, contingency planning and operations procedures are operational controls.
Auditing is considered an Administrative / detective control. However the actual auditing mechanisms in place on the systems would be consider operational controls.