An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor? 

Answer options:

A. Improve the change management process
B. Perform a configuration review
C. Establish security metrics
D. Perform a penetration test

B