A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a projected network segment.
Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
A . DNS sinkholding
B . DLP rules on the terminal
C . An IP blacklist
D . Application whitelisting
Answer: D