Answer – B
This is mentioned in the AWS Documentation.
You may also modify the following properties of your password policies to specify if and how Active Directory should lockout an account after login failures:
· Number of failed login attempts allowed
· Account lockout duration
· Reset failed logon attempts after some duration
Option A is incorrect since this is used to encrypt all data in transit.
Option C is incorrect since this is used for adding one more layer of authentication.
Option D is incorrect since this is used for managing access to IAM users.
For more information on supported password policy settings, please visit the below URL
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/supportedpolicysettings.html