A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the requirement, which of the following should the security analyst do to MINIMIZE the risk? 

Answer options:

A. Enable CHAP
B. Disable NTLM
C. Enable Kerebos
D. Disable PAP

B