An IS auditor reviewing access controls for a client-server environment should FIRST:
A、evaluate the encryption technique.
B、identify the network access points.
C、review the identity management system.
D、review the application level access controls.