Network Defense Essentials (NDE) Practice Exam 2025 – Your All-in-One Resource to Exam Success!

The correct answer pertains to a system-specific security policy because this type of policy is designed to provide detailed security measures tailored to individual systems or applications. It often includes specific guidelines and requirements for protecting sensitive data, such as encryption standards and practices. This ensures that the unique characteristics and vulnerabilities of a given system are addressed, facilitating the proper handling of sensitive information to maintain confidentiality and integrity.

In contrast, while an access control policy defines who is authorized to access specific data or systems, it may not delve into the methods for protecting that data itself, such as encryption. The incident response policy focuses on procedures for responding to security incidents and may touch upon data protection in the context of response actions but does not typically establish guidelines for data encryption. A general security policy outlines broad security objectives and strategies but lacks the specificity that a system-specific security policy provides, particularly regarding encryption requirements for sensitive data.