Employee workstations are configured to only boot from the internal disk. You are tasked with verifying that this security configuration cannot be changed. What option will help ensure the default boot device cannot be changed?
Only allow software from trusted sources
Setup a BIOS/UEFI password
Disable admin accounts
Utilize data encryption