Certified in Risk and Information Systems Control (CRISC) — Question 1441

Which of the following is an administrative control?

Answer options

• A. Water detection
• B. Reasonableness check
• C. Data loss prevention program
• D. Session timeout

Correct answer: C

Explanation

The correct answer is C, as a Data loss prevention program is an administrative control aimed at managing and mitigating data security risks. Options A, B, and D are primarily technical or physical controls, focusing on specific technical measures rather than broader administrative policies.