A set of standardized system images with a pre-defined set of applications is used to build enduser workstations. The security administrator has scanned every workstation to create a current
inventory of all applications that are installed on active workstations and is documenting which
applications are out-of-date and could be exploited. The security administrator is determining the:

A.
attack surface.

B.
application hardening effectiveness.

C.
application baseline.

D.
OS hardening effectiveness.