Your company has set up the AWS Managed Microsoft AD directory service. They need to ensure that users` accounts get locked after a specified number of failed login attempts. How can you achieve this?

Answer options:

A.Enable LDAP over SSL.
B.Use Password policies in the directory service.
C.Enable MFA for the directory service.
D.Use IAM Policies.

Answer – B
This is mentioned in the AWS Documentation.
You may also modify the following properties of your password policies to specify if and how Active Directory should lockout an account after login failures:
· Number of failed login attempts allowed
· Account lockout duration
· Reset failed logon attempts after some duration
Option A is incorrect since this is used to encrypt all data in transit.
Option C is incorrect since this is used for adding one more layer of authentication.
Option D is incorrect since this is used for managing access to IAM users.
For more information on supported password policy settings, please visit the below URL
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/supportedpolicysettings.html