Certified Network Defender (CND) — Question 122

Which type of information security policy addresses the implementation and configuration of technology and user behavior?

Answer options

• A. Acceptable use policy
• B. Enterprise information security policy
• C. Issue-specific security policy
• D. System-specific security policy

Correct answer: D

Explanation

The System-specific security policy is designed to provide guidelines on the configuration and implementation of specific technologies and user practices. The other options, while relevant to security, do not specifically address the technical setup and user behavior in the same targeted manner as the System-specific security policy.