A small newspaper company has problems, because one of their servers
was modified by someone. Before this incident, they didn’t bother about security. After a new installation, they now want to restrict access to the system. Which two options will enhance their access control? (Choose two.)

A.
Disable services without authentication.

B.
Enable auditing for login and logout activities.

C.
Use Role Based Access Control (RBAC) for administrative tasks.

D.
Create a wheel group and list the admin accounts in this group to limit the su command to only those people.