What are the most common methods that security auditors use to access an organization’s security processes? (Choose two.)
A. physical observation
B. social engineering attempts
C. penetration testing
D. policy assessment
E. document review
F. interviews