Certified Administrative Professional (CAP) Practice Exam 2025 – Your All-in-One Guide to Exam Mastery!

The correct choice focuses on common controls, which are defined as security measures that can be applied consistently across multiple information systems or throughout an organization. These controls are typically established at a central level and are designed to protect assets in a uniform manner. The concept of "inheritance" is key here; when one system adopts these controls, it can rely on the established security measures without needing to duplicate them for each individual system.

In contrast, baseline controls are more specific and tailored to an individual system or a particular environment's requirements. Compensating controls are alternative measures that can be enacted if the primary controls cannot be implemented, and administrative controls refer to policies and procedures for ensuring that security practices are followed within an organization. Each of these types of controls serves a specific purpose, but only common controls are inheritable across systems, making them the right answer in this context.