Which item is a common focus of auditing system accounts?

Inactive or dormant accounts have the highest risk among system accounts because they can remain enabled without anyone actively managing them, potentially serving as hidden entry points for attackers or as forgotten access for former employees. Auditing system accounts focuses on identifying accounts that haven’t shown activity for a defined period, verifying ownership, and taking action to disable, remove, or revalidate those accounts. This helps prevent privilege creep and reduces the attack surface by cleaning up unused access. While MFA enforcement, frequent password changes, and real-time monitoring are important security controls, they address authentication policies, credential hygiene, and ongoing activity detection rather than the core practice of auditing the lifecycle and state of system accounts.