The Chief Executive Officer at a bank recently saw a news report about a high-profile cybercrime where a remote-access tool that the bank uses for support was also used in this crime. The report stated that attackers were able to brute force passwords to access systems. Which of the following would BEST limit the bank's risk? (Choose two.)

A. Enable multifactor authentication for each support account. B. Limit remote access to destinations inside the corporate network. C. Block all support accounts from logging in from foreign countries. D. Configure a replacement remote-access tool for support cases. E. Purchase a password manager for remote-access tool users. F. Enforce account lockouts after five bad password attempts.