PrepAway - Latest Free Exam Questions & Answers

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results.

B. Perform routine user permission reviews.

C. Implement periodic vulnerability scanning.

D. Disable user accounts that have not been used within the last two weeks.

Explanation:
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing
antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall,
and so on. User permissions may be the most basic aspect of security and are best coupled with the principle
of least privilege. Related to permissions is the concept of the access control list (ACL). An ACL is
literally a list of who can access what resource and at what level. Thus the best risk mitigation step,
insofar as access control rights are concerned, is the regular/routine review of user permissions.
Incorrect Answers:
A: Conducting a survey and ranking the results are part of assessing risk, not risk mitigation.
C: A vulnerability scanner is a software application that checks your network for any known security holes;
it’s better to run one on your own network before someone outside the organization runs it against you.
D: User accounts that have not been used within the last two weeks may just be the accounts of employees
on mandatory vacations, depending on how long the leave period is.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 9-10, 220-221, 342-343
