Some don't appear to have it at all (1&1), some offer an option to SMS a code (godaddy/namecheap), a few offer integration with something like Authy/Google Auth.
>>And it still does not disable social engineering as attack option.
It's better than what I see from other registrars. It is not perfect. You, of course, are in control of the answers to the challenge questions, they don't have to be the truth.
https://www.namesilo.com/Support/2~Factor-Authentication
https://www.namesilo.com/Support/Domain-Defender
It's also very reasonably priced in general. The 2FA and Domain Defender are free.
Edit: No, it's not the same level of protection as what CF is describing. But, it's more than what you'll typically find at a registrar, and cheap.