Which of the following is the BEST approach to perform risk mitigation of user access control
rights?

A.
Conduct surveys and rank the results.

B.
Perform routine user permission reviews.

C.
Implement periodic vulnerability scanning.

D.
Disable user accounts that have not been used within the last two weeks.

Explanation:
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes
installing antivirus software, educating users about possible threats, monitoring network traffic,
adding a firewall, and so on. User permissions may be the most basic aspect of security and is
best coupled with a principle of least privilege. And related to permissions is the concept of the
access control list (ACL). An ACL is literally a list of who can access what resource and at what
level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the
regular/routine review of user permissions.