Universal Container is a company that deals with Financial data. The chief security officer has requested from the Salesforce Admin to make sure all the employees supply more than their username and password every time they try to access the company’s Salesforce org. What can the Salesforce Admin do to achieve this? Choose 3 answers

Answer options:

A.Set the session security level for two-factor authentication
B.Create a permission set for two-factor authentication
C.Two-factor Authentication should be in high assurance category
D.Enable high security settings feature under the user record

Correct Answer: A, B, and C 
Two-factor authentication is the most effective way to protect your org’s user accounts. As a Salesforce admin, amplify your org’s security by requiring a second level of authentication for every user login. You can also require two-factor authentication when a user meets certain criteria, such as attempting to view reports or access a connected app. 
To make sure that the right security level is associated with the two-factor authentication login method. It’s important to do this step before you set up a 2FA requirement for any admin users. Otherwise, you could prevent yourself or other admins from logging in. 
From Setup, enter Session Settings in the Quick Find box, then select Session Settings. 
Under Session Security Levels, make sure that two-factor authentication is in the High Assurance category. 
Then a permission set is needed. A permission set is a collection of settings and permissions that gives users access to various Salesforce features, including two-factor authentication. 
Option D is incorrect because we don’t have an option to enable security settings feature at user record. 

https://help.salesforce.com/articleView?id=security_require_two_factor_authentication.htm&r=https%3A%2F%2Fwww.google.com%2F&type=5