A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned th...

A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned this decision and asked for justification. Which of the following should the analyst provide as justification for the new policy?

A. SMS relies on untrusted, third-party carrier networks. B. SMS tokens are limited to eight numerical characters. C. SMS is not supported on all handheld devices in use. D. SMS is a cleartext protocol and does not support encryption.