An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which
mitigation measure would detect and correct this?

A.
User rights reviews

B.
Least privilege and job rotation

C.
Change management

D.
Change Control

Explanation:
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges
assigned according to the policies of an organization. This means that a user rights review will reveal whether
user accounts have been assigned according to their ‘new’ job descriptions, or if there are privilege creep
culprits after transfers has occurred.