An organization is looking to improve its defenses against attackers attempting to guess passwords in order to breach user accounts. Which of the following is the BEST mitigation strategy to protect against such an attack?
Implement a Virtual Private Network (VPN) for remote access to the network.
Implement an account lockout mechanism after three unsuccessful login attempts.
Require passwords to meet stronger complexity requirements, including a mix of uppercase, lowercase, numbers, and special characters.
Add challenge-response questions to the login process.
Encrypt all data stored on user devices.
Deploy an intrusion detection system to monitor network traffic for suspicious behavior.