Question 93
Main Page
A new policy requires multifactor authentication (MFA) for all critical systems. What should follow policy approval?
A. Stop password expiration
B. Train users and initiate phased rollout
C. Remove all non-critical systems
D. Send policy only to IT staff
Answer: B. Train users and initiate phased rollout
Policy adoption needs planning, stakeholder buy-in, communication, and technical implementation—especially for impactful controls like MFA.