Charles wants to reduce the threat scope of compromised credentials. What type of the following security controls is best suited to meeting this need?

Zero trust designs implement continuous verification, which is an effective control used to limit the threat scope of compromised credentials. While multifactor authentication can be a useful control in this circumstance, a fully implemented zero-trust design will provide greater control than just MFA alone. Single sign-on and federation are both likely to increase threat scope in a compromised credential scenario.