An IS auditor finds that an organization`s data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor`s MAIN concern should be that: 

Answer options:

A. violations may not be categorized according to the organization`s risk profile.
B. violation reports may not be retained according to the organization`s risk profile.
C. violation reports may not be reviewed in a timely manner.
D. a significant number of false positive violations may be reported.

A