An organization is reviewing its security policies to better protect against unauthorized access to employee accounts. Which of the following would be the BEST mitigation strategy to prevent a brute force attack on user passwords?
Implementing strong password policies that require complex passwords
Monitoring for unauthorized access attempts on user accounts
Disabling unused accounts
Enabling account lockouts after a specified number of failed login attempts