Which of the following is an example of administrative controls?

Administrative controls are essential components of an organization's security framework, focusing on policies, procedures, and regulations that manage the organization's security posture. These controls are primarily concerned with the management and organizational aspects of security, rather than technical or physical measures.

The choice that exemplifies administrative controls includes security policies and contingency planning. Security policies outline the guidelines and rules for maintaining information security and ensuring compliance with legal and regulatory requirements. Contingency planning involves preparing for potential incidents and disruptions, ensuring that the organization has a structured response in place to maintain operations and protect assets.

In contrast, the other options pertain to technical or physical security measures. Smart cards and encryption are examples of technological controls that protect data and manage user access. Alarm systems and surveillance cameras represent physical controls aimed at monitoring and securing premises. Access control lists are a form of technical control that define permissions for users regarding data and resources. Therefore, the emphasis on security policies and contingency planning makes the selected answer representative of administrative controls.