CompTIA SecurityX (CAS-005) — Question 264

A security officer received several complaints from users about excessive MFA push notifications at night. The security team investigates and suspects malicious activities regarding user account authentication. Which of the following is the best way for the security officer to restrict MFA notifications?

Answer options

• A. Provisioning FIDO2 devices
• B. Deploying a text message based on MFA
• C. Enabling OTP via email
• D. Configuring prompt-driven MFA

Correct answer: D

Explanation

Configuring prompt-driven MFA helps in controlling when and how users receive MFA notifications, allowing them to manage when prompts are sent and reducing unnecessary notifications during off-hours. The other options do not effectively address the issue of excessive notifications at night; for instance, provisioning FIDO2 devices does not limit notifications, while text messages and OTP via email still may generate unnecessary alerts.