Which of the following is NOT an administrative control?

Which of the following is NOT an administrative control?

A.
Logical access control mechanisms

B.
Screening of personnel

C.
Development of policies, standards, procedures and guidelines

D.
Change control procedures

Explanation:
Administrative controls are security mechanisms that are management’s responsibility and referred to as “soft”
controls. These controls include the development and publication of policies, standards, procedures, and
guidelines; the screening of personnel; security-awareness training; the monitoring of system activity; and
change control procedures.
Logical access control mechanisms are not an example of administrative controls. They are an example of a
“Logical control” also known as a “Technical control”.
Incorrect Answers:
B: Screening of personnel is an example of an administrative control.
C: Development of policies, standards, procedures and guidelines is an example of an administrative control.
D: Change control procedures are an example of an administrative control.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28