A periodic review of user account management should not determine:

A.
Conformity with the concept of least privilege

B.
Whether active accounts are still being used

C.
Strength of user-chosen passwords

D.
Whether management authorizations are up-to-date