In addition to discretionary, non-discretionary, and mandatory access control, which two should be part of an organization’s access security plan? (Choose two.)
A. separation of duties
B. account lock-outs
C. physical security locks
D. principle of least privilege
E. photo identification
