A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?

A.
Application hardening

B.
OS hardening

C.
Application patch management

D.
SQL injection