Attacker cannot continue to try different passwords if the account gets locked out. That's actually from A+.

D Lockout policy is the BEST option The other options create a strong password policy

The best policy to deter a brute-force login attack is D. Account lockout threshold. This policy directly limits the number of login attempts, thereby preventing an attacker from continuously attempting to guess the correct password. Implementing an account lockout threshold makes brute-force attacks impractical by significantly increasing the time required to successfully guess a password.

Because a policy of locking out accounts after a certain number of failed login attempts can effectively deter brute-force attacks. This is because the attacker will be unable to continue trying different passwords once the account has been locked out, making it more difficult to gain unauthorized access.

Dis the correct answer, locking out the user or attacker after few tries will prevent that