You have setup your environment as shown below with the Mount Target "MT" successfully mounted on both compute instances CLIENT-X and CLIENT-Y. For security reasons you want to control the access to the File System A in such a way that CLIENT-X has READ/WRITE and CLIENT-Y has READ only permission. 

What you should do? 

Answer options:

A. Update the OS firewall in CLIENT-X to allow READ/WRITE access.
B. Update the security list TWO to restrict CLIENT-Y access to read-only.
C. Update the mount target export options to restrict CLIENT-Y access to read-only.
D. Update the security list ONE to restrict CLIENT-Y access to read only.

D