During a tabletop, the team must choose MFA for privileged break-glass accounts. What is the MOST appropriate design?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Break-glass accounts need strongest factors and procedural controls; shared seeds defeat MFA purpose.
Correct answer(s): c. Hardware tokens stored in a physical safe with dual control and separate from daily user MFA
Exam domain: Multi-factor authentication (MFA) (20% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.