Which of the following is the MOST practical control that an organization can implement to prevent unauthorized downloading of data to universal serial bus (USB) storage devices?

A. Two-factor authentication
B. Restrict drive usage
C. Strong encryption
D. Disciplinary action