After an audit, it was discovered that the security group memberships were not properly adjusted for
employees’ accounts when they moved from one role to another. Which of the following has the organization
failed to properly implement? (Choose two.)
Mandatory access control enforcement.
User rights and permission reviews.
Technical controls over account management.
Account termination procedures.
Management controls over account management.
Incident management and response plan.
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts
have the appropriate privileges assigned according to the policies of the corporation and their job descriptions
since they were all moved to different roles.
Control over account management would have taken into account the different roles that employees have and
adjusted the rights and permissions of these roles accordingly.