Scarlett is a system administrator of a large bank. She regularly copies files from different servers in the environment to her workstation for analysis and debugging purposes. A security audit is conducted by an outside firm, and a finding indicates that Scarlett's administrative account must be better protected and more closely monitored and should be regularly audited. Why?

The privileges of system administrators must be heavily protected because system administrators are a dual threat: they could choose to become attackers themselves, and their accounts and privileges are targets for attackers, even if the administrators can be trusted.

Scarlett is working outside of the network firewall and putting the data at risk.

The U$.$S$.$ National Security Agency requires that file transfers be monitored and auditable for legal purposes.

The U$.$S$.$ National Security Agency recommends all files be stored in a central location for debugging and not on a local workstation; Scarlett was violating that operational policy.