The system administrator has deployed updated security controls for the network to limit risk of attack. The
security manager is concerned that controls continue to function as intended to maintain appropriate security
posture.
Which of the following risk mitigation strategies is MOST important to the security manager?

A.
User permissions

B.
Policy enforcement

C.
Routine audits

D.
Change management

Explanation:
After you have implemented security controls based on risk, you must perform routine audits. These audits
should include reviews of user rights and permissions as well as specific events. You should pay particular
attention to false positives and negatives.