A deployment professional has created an Access Control Policy to protect sensitive business information, but is not obtaining the desired result.
Considering the rule precedence, which decision is returned for a user with a risk score of 40 and an ipAddress not considered malware?
A. Deny
B. Permit
C. Deny after Authentication One-Time-Password
D. Permit after Authentication One-Time-Password