Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.
The chief security officer is rolling out an org wide compliance policy to enforce re- verification of devices if an employee has not logged in from that device in the last week.
Which connected app setting should be leveraged to comply with this policy change?

A. Scope - Deny refresh_token scope for this connected app.

B. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.

C. Session Policy - Set timeout value of the connected app to 7 days.

D. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.