A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?


A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting