A penetration tester was able to obtain elevated privileges on a client workstation and multiple servers using thecredentials of an employee. Which of the following controls would mitigate these issues? (Choose two.)
A.
Separation of duties
B.
Least privilege
C.
Time of day restrictions
D.
Account expiration
E.
Discretionary access control
F.
Password history