Choice "A" is correct. User accounts should immediately be disabled or removed upon termination of any employee. Enabled accounts for terminated employees present a great security risk since they allow unauthorized access to the system.
Choice "c" is incorrect. Passwords are usually required to be a combination of characters, but in comparison to failing to disable accounts for former employees, weak passwords do not present the greatest risk. Passwords, however weak they may be, provide at least some security.
Choice "b" is incorrect. While management procedures should always be documented, lack of documentation does not present a high security risk as long as there are procedures in place that are being used.
Choice "d" is incorrect. Security logs should be reviewed periodically by the administrator regardless of whether employees have left the company. While reviewing logs might detect unauthorized system access, allowing former employees to maintain active passwords has a high security risk of allowing the unauthorized access.
