A company is running a web application that is using Amazon Cognito for authentication. The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company's security team has concerns about compromised credentials. The development team needs to configure mandatory MFA only when suspicious sign-in attempts are detected.
Which Amazon Cognito feature will meet these requirements?

A. Short message service (SMS) text message MFA
B. Advanced security metrics
C. Time-based one-time password (TOTP) software token MFA
D. Adaptive authentication