Which of the following is an example of an administrative control?

Administrative controls are policies, procedures, and practices in an organization that are designed to manage and mitigate risks to information security. These controls often focus on the human aspect of security, which includes how personnel are selected, trained, and monitored.

Personnel screening is a prime example of an administrative control as it involves evaluating and ensuring that individuals who are trusted with sensitive information or systems have the required qualifications, background, and integrity. By conducting thorough background checks and screening processes, organizations mitigate the risk of insider threats and ensure that employees are likely to comply with security policies.

In contrast, encryption of data, firewalls, and antivirus software are all technical controls. These are technological measures used to protect information systems from unauthorized access or threats. While they are essential elements of a comprehensive security strategy, they do not fall under the category of administrative controls, which are fundamentally about governance and policy management.