First, "counter measures" are a type of control that reduce vulnerability and, ultimately, risk. "B" would be the best answer because the actions they produce will have a more profound and direct outcome or impact on attempted social engineering attacks.
- "A" is useless without people behaving the way they're supposed to.
- "C" is not a good choice because no matter how good or bad security awareness training is, this training won't matter if people's behaviors are poor.
- "D" isn't that great either because there are still other attack vectors social engineering can use besides e-mail, and again, this won't matter either if people's behaviors aren't good.
It takes both educating people and having those people behave appropriately to have a great, mitigating effect on social engineering reduction.
A, C, and D heavily depend on people's behavior, making B the best choice for an answer.