Certified Network Defender (CND) — Question 10

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?

Answer options

• A. Incident Response Policy (IRP)
• B. Issue Specific Security Policy (ISSP)
• C. Enterprise Information Security Policy (EISP)
• D. System Specific Security Policy (SSSP)

Correct answer: D

Explanation

The Acceptable Use Policy (AUP) is classified under System Specific Security Policy (SSSP) because it outlines specific rules and guidelines related to the acceptable use of company systems and resources. The other options, such as Incident Response Policy (IRP), Issue Specific Security Policy (ISSP), and Enterprise Information Security Policy (EISP), deal with different aspects of information security management and do not specifically cover acceptable use guidelines.