What is a common mitigation for phishing threats?

• A. Email filtering only.
• B. User training and multi-factor authentication (MFA) and email filtering.
• C. User training only.
• D. Disabling email completely.

Answer: (B)

Phishing threats are best mitigated with layered defenses that address both technology and user behavior. Email filtering reduces the number of phishing messages that reach users, and user training increases the likelihood that people recognize and avoid suspicious emails. Multi-factor authentication adds a final barrier, so even if credentials are stolen, an attacker still can’t access accounts without the second factor. Together, these controls provide defense in depth: filters cut exposure, training lowers the risk of a successful click, and MFA blocks credential-based breaches. Relying on only one measure leaves gaps—filters can be bypassed, training alone can’t stop all attempts, and disabling email isn’t practical.