A security engineer has recently become aware of a Java application that processes critical

information in real time on the company's network. The Java application was scanned with SAST

prior to deployment, and all vulnerabilities have been mitigated. However, some known issues

within the Java runtime environment cannot be resolved. Which of the following should the

security engineer recommend to the developer in order to mitigate the issue with the LEAST

amount of downtime?

A$.$ Perform software composition analysis on libraries from third parties.

B$.$ Run the application in a sandbox and perform penetration tests.

C$.$ Rewrite and compile the application in C$++$ and then reinstall it$.$

D$.$ Embed the current application into a virtual machine that runs on dedicated hardware.