A recent security audit identified multiple endpoints have the following vulnerabilities:

$-$ Various unsecured open ports

$-$ Active accounts for terminated personnel

$-$ Endpoint protection software with legacy versions

$-$ Overly permissive access rules

Which of the following would BEST mitigate these risks? $($Choose three$).$

A$.$ Local drive encryption

B$.$ Secure boot

C$.$ Address space layout randomization

D$.$ Unneeded services disabled

E$.$ Patching

F$.$ Logging

G$.$ Removal of unused accounts

H$.$ Enabling BIOS password