which of the following practices?

Identifying a list of all approved software on a system is a step in which of the following practices?

A.
Passively testing security controls

B.
Application hardening

C.
Host software baselining

D.
Client-side targeting