A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication. The QA team confirms all functional requirements successfully test. After deployment, all business users report the two-factor authentication is not enforced while accessing the instance.
Which of the following would be the MOST likely reason the QA team did not catch the issue?
A . The business users are using the wrong hardware token to log in.
B . The administrator configured to use two-factor authentication by default.
C . The QA team only tested functional requirements.
D . The business users are accessing the instance located in their country.