An organization recently experienced a phishing attack that resulted in a breach of confidential information. Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

A. Email configurations
B. Simple mail transfer protocol (SMTP) logging
C. Browser configurations
D. Audit logging