During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions.
Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?
A. Time-of-day restrictions
B. User access reviews
C. Group-based privileges
D. Change management policies