A security analyst is performing a review of Active Directory and discovers two new user accounts in

the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company-s sensitive financial management application by default. Which of the following is the BEST course of action?

A. Follow the

incident response plan for the introduction of new accounts

B. Disable the user accounts

C. Remove the accounts- access privileges to the sensitive application

D. Monitor the outbound traffic from the application for signs of data exfiltration

E. Confirm

the accounts are valid and ensure role-based permissions are appropriate