To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that: 
A、the company policy be changed. 
B、passwords are periodically changed. 
C、an automated password management tool be used. 
D、security awareness training is delivered.