Explanation
If the employee already works in the accounting department, MFA will not stop their actions because they'll already have access by virtue of their job.
Enforcing mandatory employee vacations is the best recommendation to prevent this type of activity in the future, as it will make it harder for an employee to conceal fraudulent transactions or unauthorized changes to a payment system. Mandatory employee vacations are a form of internal control that requires employees to take time off from work periodically and have their duties performed by someone else. This can help detect errors, irregularities, or frauds committed by employees who might otherwise have exclusive access or control over certain processes or systems.

Explanation
https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while
--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
The
certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities.
However, it can also be abused by attackers to download files from remote servers using the -urlcache option.
In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.

After performing a web penetration test, using the OWASP (Open Web Application Security Project) standards or methodologies would be the best choice for ranking the findings by criticality. OWASP is renowned for its comprehensive documentation and guidelines on web application security, including the well-known OWASP Top 10 list, which outlines the ten most critical web application security risks. This makes it an ideal reference for categorizing and prioritizing vulnerabilities discovered during a web penetration test.
While MITRE ATT&CK, PTES (Penetration Testing Execution Standard), and NIST (National Institute of Standards and Technology) provide valuable frameworks and methodologies for cybersecurity, OWASP's focus on web applications specifically makes it the most suitable for this context.