An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations.
The auditor’s MAIN concern should be that:
A . violations may not be categorized according to the organization’s risk profile.
B . violation reports may not be retained according to the organization’s risk profile.
C . violation reports may not be reviewed in a timely manner.
D . a significant number of false positive violations may be reported.
Answer: A