A leading financial institution is enhancing its security infrastructure by revising user access controls. The IT department, in collaboration with the security team, deliberates on the essential principles to guide their implementation efforts. A primary focus is on ensuring proper authentication and authorization mechanisms are in place. Which of the following measures should the IT department integrate to ensure users are both authenticated and authorized before gaining access to sensitive resources? (Select the two best options.)
* A. Implementing multifactor authentication (MFA)
* B. Assigning role-based access controls (RBAC)
* C. Using a single shared password for all users
* D. Relying on facial recognition for guest users