Which one of the following statements describes management controls that are instituted to
implement a security policy?
A.
They prevent users from accessing any control function.
B.
They eliminate the need for most auditing functions.
C.
They may be administrative, procedural, or technical.
D.
They are generally inexpensive to implement.
Explanation:
Administrative, physical, and technical controls should be utilized to achieve the
management’s directives. – Shon Harris All-in-one CISSP Certification Guide pg 60
c