CISSP Practice Question (Domain 5: Identity and Access Management)
A global enterprise implements a zero-trust architecture requiring continuous authentication and authorization. During an incident investigation, security analysts discover that a compromised service account with high privileges has been making API calls from multiple geographic locations simultaneously. The account uses certificate-based authentication with a valid certificate that won't expire for 18 months. What is the MOST effective immediate containment action?

A. Revoke the certificate through the Certificate Authority's Certificate Revocation List (CRL)
B. Disable the service account in the identity provider
C. Implement IP-based geo-fencing to block requests from unauthorized locations
D. Rotate the account credentials and force re-authentication