What security feature helps protect an account against brute-force attacks?

Account lockout policies are designed specifically to enhance account security and protect against brute-force attacks. These policies automatically lock a user account for a certain period or until an administrator intervenes after a predetermined number of unsuccessful login attempts. This means that if an attacker tries to guess a password repeatedly, they will be stopped after the specified number of failed attempts, significantly decreasing the likelihood of unauthorized access.

While other options contribute to overall security practices, they address different aspects. For example, password expiration encourages users to change their passwords regularly, which can reduce the risk of an account being compromised if a password is leaked or weak. Firewall settings serve to block unwanted traffic and prevent unauthorized access at the network level, while network segmentation involves dividing a computer network into smaller parts to improve performance and security. However, none of these directly counteract brute-force attacks in the manner that account lockout policies do.