An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
A . Configure a firewall with deep packet inspection that restricts traffic to the systems
B . Configure a separate zone for the systems and restrict access to known ports
C . Configure the systems to ensure only necessary applications are able to run
D . Configure the host firewall to ensure only the necessary applications have listening ports
Answer: C