It depends on whether it is a new installation of 7.31 or higher, or an older installation which has been upgraded.
If login/password_compliance_to_current_policy has it's default, then all of the above is the possible.
If, depending on above, USR40 is maintained with very basic policies then probably none of them will be possible unless it is a password set by an admin.
So if the IT employees can set productive passwords for themselves in SU01, then it is again just a warning about the characters, so most tempting answer would be 4 in that case.
But most likely answer is that after assigning the policy, all of the above would still continue to work.
Cheers,
Julius