A penetration tester was able to obtain elevated privileges on a client workstation and multiple
servers using the credentials of an employee. Which of the following controls would mitigate these
issues? (Select TWO)
A.
Separation of duties
B.
Least privilege
C.
Time of day restrictions
D.
Account expiration
E.
Discretionary access control
F.
Password history