A company's security policy mandates control over the use of portable storage to protect sensitive data. Which method should a security administrator apply to allow only pre-approved portable storage devices to connect to the system?
Deactivate all data ports to prevent access.
Require encryption on all portable storage devices.
Enforce a hardware device control policy based on whitelisting.
Turn off the automatic execution of programs on all data ports.