A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication. The QA team confirms all functional requirements successfully test. After deployment, all business users report the two-factor authentication is not enforced while accessing the instance. Which of the following would be the MOST likely reason the QA team did not catch the issue?
A. The business users are using the wrong hardware token to log in.
B. The administrator configured to use two-factor authentication by default.
C. The QA team only tested functional requirements.
D. The business users are accessing the instance located in their country.
