9.10. Answers to Review Questions

  1. A. All aspects of security in the organization are included in the security management policy, including the policies in options B, C, and D.

  2. B. The information classification policy discusses information sensitivity and access to information.

  3. B. The configuration management policy is concerned with how systems are configured and what software can be installed on systems.

  4. A. Change documentation involves keeping records about how your network or organization changes over time.

  5. B. Enforcement of policies, procedures, and standards is essential for effective sustainability of security efforts. The saying "Inspect what you expect" is relevant in this situation.

  6. A. The term best practices refers to the essential elements of an effective security management effort.

  7. D. Information retention policies dictate what information must be archived and how long those archives must be kept.

  8. A. Configuration management policy dictates the configurations and upgrades of systems in an organization.

  9. A. The backup policy identifies the methods used to archive electronic and paper file systems. This policy works in conjunction with the information retention and storage policies.

  10. C. Network technology and administration would not be covered in a user security-awareness program. Issues of policy, responsibilities, and importance of security would be key aspects of this program.

  11. A. Managers would derive the most benefit from a high-level explanation of security threats and issues. Users need to know how to follow the policies and why they are important. Developers and network administrators need specific and focused information on how to better secure networks and applications.

  12. B. The only way to guarantee that data and applications on a disk drive are unreadable is to perform a low-level initialization of the storage media, thereby setting every storage location into a newly initialized state. This process is also referred to as disk wiping.

  13. C. The removal and replacement of the computer battery will often cause the loss of values stored in the BIOS.

  14. D. The acceptable use policy should clearly define the use of USB devices within an organization.

  15. A. Users should be placed in groups and managed by membership in those groups.

  16. B. Access control lists (ACLs) hold permissions for users and groups.

  17. C. The domain password permission identifies who can reset the password of a user object.

  18. D. Logical tokens are similar in content to certificates. They contain the rights and access privileges of the token bearer.

  19. A. Group policies allow you to automatically implement restrictions on operating system components.

  20. D. The acceptable use policy should clearly define the use of cell phones within an organization.
