which security policy is set to reject on a vSphere Standard Switch?

A security team is validating policy settings in a vSphere environment.
By default, which security policy is set to reject on a vSphere Standard Switch?

A.
Promiscuous mode

B.
MAC address changes

C.
Forged transmit

D.
Use explicit failover