KT-IAS Multi-factor authentication (MFA)

Security wants MFA for all VPN users; help desk reports 40% lockouts after rollout. Best NEXT step?

Multiple choice — select one answer

Answer choices

  1. a. Remove MFA from VPN entirely to restore previous login success rates quickly
  2. b. Allow SMS-only MFA permanently because it has the lowest support burden, without security or identity team coordination per policy.
  3. c. Analyze failure reasons, offer phishing-resistant options, and targeted training for edge cases
  4. d. Set MFA remember-me to ninety days on all devices without reviewing risk

Architectural breakdown & explanation

MFA rollouts need tuning and user support; abandoning MFA removes a critical control.

Correct answer(s): c. Analyze failure reasons, offer phishing-resistant options, and targeted training for edge cases

Exam domain: Multi-factor authentication (MFA) (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.