KT-IAS Multi-factor authentication (MFA)

During a tabletop, the team must choose MFA for privileged break-glass accounts. What is the MOST appropriate design?

Multiple choice — select one answer

Answer choices

  1. a. Shared TOTP seed in a wiki page, using shared credentials instead of individual accountability.
  2. b. Same SMS OTP as standard users for simplicity, without security or identity team coordination per policy.
  3. c. Hardware tokens stored in a physical safe with dual control and separate from daily user MFA
  4. d. No MFA on break-glass to speed recovery, using shared credentials instead of individual accountability.

Architectural breakdown & explanation

Break-glass accounts need strongest factors and procedural controls; shared seeds defeat MFA purpose.

Correct answer(s): c. Hardware tokens stored in a physical safe with dual control and separate from daily user MFA

Exam domain: Multi-factor authentication (MFA) (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.