Scenario: A newly created Citrix Virtual Apps and Desktops site has sensitive information. The users consistently use different browsers for their daily tasks. A Citrix Engineer is looking for ways to minimize attacks like ransomware, phishing, and session hijacking.

Which two steps can the engineer take to minimize attacks without interfering with user productivity? (Choose two.)

A. Disable access to specific browsers.

B. Disable all the user plugins.

C. Implement HTTP Strict Transport Security (HSTS).

D. Use HTTP response headers to send security policies to endpoint browsers.