Comprehensive and Detailed Explanation:
The most concerning issue in DLP implementations is when tuning has never been completed.
DLP solutions require fine-tuning to properly recognize sensitive data patterns and avoid false positives/false negatives.
If tuning is incomplete, the solution will either block legitimate business processes (too restrictive) or fail to detect actual leaks (too permissive).
Now let’s break down the options:
Option A: Server support limitations may be an issue, but DLP is primarily endpoint-focused here.
Option B: Implementing blocking mode without tuning can cause disruptions, but it is not as bad as never completing tuning.
Option D: Running in monitoring mode is acceptable in early stages of deployment (testing phase).
Therefore, never completing tuning (C) represents a fundamental control weakness and is the greatest concern.
ISACA Reference: CISA Review Manual 27th Edition, Domain 5, section on data leakage prevention and monitoring tools.