A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability? 

Answer options:

A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting

D