The use of Network Access Control (NAC) on switches is a major consideration in implementing a Voice over IP (VoIP) network. NAC is a mechanism that enforces security policies on the network devices, such as switches, routers, firewalls, and servers. NAC can prevent unauthorized or compromised devices from accessing the network, or limit their access to specific segments or resources. NAC can also monitor and remediate the devices for compliance with the security policies, such as patch level, antivirus status, or configuration settings. NAC can enhance the security and performance of a VoIP network, as well as reduce the operational costs and risks. References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 4:
Communication and Network Security, p. 473; CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6:
Communication and Network Security, p. 353.

Instead of using a Certificate Authority, PGP uses a "Web of Trust", where users can certify each other in a mesh model, which is best applied to smaller groups. In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0. Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
As per Shon Harris's book: Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP initially used its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Today PGP support X.509 V3 digital certificates.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 169).
Shon Harris, CISSP All in One book
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Explanation/Reference:
Explanation:
A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system. Security labels are assigned to resources to denote a type of classification.
Abstraction is a way to protect resources in the fact that it involves viewing system components at a high level and ignoring its specific details, thus performing information hiding.
References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 193).

The corre answers are all excellent reasons for testing a disaster
recovery plan. Until a disaster recovery plan has been tested thoroughly,
no plan can be considered complete. Since the functionality of the plan
directly determines the ability of an organization to survive a business
interrupting event, testing is the only way to have some degree of
confidence that the plan will work.
*Answer "Testing provides the contingency planner with recent documentation" is a distracter.
Source: The International Handbook of Computer Security, by Jae K.
Shim, Anique A.
Qureshi, and Joel G.
Siegel (The Glenlake Publishing Co. Ltd, 2000).

The most effective method of mitigating the vulnerability of hard-coded session keys is to use the Diffle-Hellman (DH) algorithm. The DH algorithm is a key exchange protocol that allows two parties to establish a shared secret key over an insecure channel, without revealing the key to anyone else. The DH algorithm uses the mathematical properties of modular arithmetic and discrete logarithms to generate the key.
The DH algorithm can be used to create a session key for each communication session, instead of using a hard-coded key that is fixed and static. This can prevent an attacker from extracting the key from the client or server applications, or from intercepting the key during the transmission. The DH algorithm can also provide forward secrecy, which means that the compromise of one session key does not affect the security of the previous or future session keys. Elliptic Curve Cryptography (ECC) algorithm, Digital Signature algorithm (DSA), and Rivest-Shamir-Adleman (RSA) algorithm are not the most effective methods of mitigating the vulnerability of hard-coded session keys, although they may be related or useful cryptographic techniques.
ECC algorithm is a type of public key cryptography that uses the mathematical properties of elliptic curves to generate public and private keys. ECC algorithm can provide the same level of security as other public key algorithms, such as RSA, but with smaller key sizes and faster computations. ECC algorithm can be used for key exchange, encryption, or digital signatures, but it does not directly address the issue of hard-coded session keys. DSA algorithm is a type of public key cryptography that is used for digital signatures. DSA algorithm uses the mathematical properties of modular arithmetic and discrete logarithms to generate public and private keys, and to sign and verify messages. DSA algorithm can provide authentication, integrity, and non-repudiation, but it does not provide encryption or key exchange, and it does not directly address the issue of hard-coded session keys. RSA algorithm is a type of public key cryptography that is used for encryption, decryption, or digital signatures. RSA algorithm uses the mathematical properties of prime numbers and modular arithmetic to generate public and private keys, and to encrypt and decrypt messages, or to sign and verify messages. RSA algorithm can provide confidentiality, authentication, integrity, and non-repudiation, but it does not directly address the issue of hard-coded session keys.