A corporation employs external auditors who require access to the company's server infrastructure for a limited duration. The security policy enforces minimum necessary privileges and mandates that access credentials should expire immediately after the auditing task is completed. Which of the following practices should be implemented to comply with the security policy?
Issuing a set of shared credentials that the audit team can use
Generating non-expiring API keys for auditors to use during their review
Creating permanent accounts with privileged access for each auditor
Allocating time-restricted access tokens for server access