An IS auditor reviewing access controls for a client-server environment should FIRST: 
A、evaluate the encryption technique. 
B、identify the network access points. 
C、review the identity management system. 
D、review the application level access controls.