To determine who has been given permission to use a particular system resource, an IS auditor should review: A、activity lists. B、access control lists. C、logon ID lists. D、password lists.