Role-Based Access Control (RBAC) is designed around the principles of least privilege and separation of duties, ensuring users have only the access necessary for their roles, thus enhancing security.

HTTPS (Hypertext Transfer Protocol Secure) is the protocol used to secure web traffic over the Internet by encrypting data between the user's browser and the web server, ensuring privacy and data integrity.

During the Containment, Eradication, and Recovery phase, evidence is collected and preserved to understand the incident and prevent future occurrences. This is crucial for effective incident response.

Risk Avoidance is a qualitative risk management strategy that involves eliminating the risk entirely, rather than trying to manage or transfer it. The other options focus on quantifying or mitigating risks, which are not qualitative.

Asymmetric Encryption uses two different keys: a public key for encryption and a private key for decryption. This contrasts with Symmetric Encryption, which uses the same key for both processes.

A Password Policy is a security policy that defines rules for creating and managing passwords, ensuring security. In contrast, Firewall Configuration, Network Topology, and Data Backup Schedule are not classified as security policies.

The principle of 'separation of duties' aims to prevent conflict of interest by ensuring that no single individual has control over all aspects of a transaction, thereby reducing the risk of fraud and errors.