Both theses users are not affected by the account lock feature, because have privilege-level 15 assigned. If you look at the solution, all users, except NO-LOCK have a privilege-level lower than 15 assigned, the user HTTP-USER requires privilege-level 15 to manage the ASA via ASDM (this is becasue command authorization has been configured).
So to answer your question, both users are not affected by the policy, but task requirements are satisified as you need to assign priv 15 also to user HTTP-USER.
Cristian Matei, CCIE #23684 (SC/R&S)
Online Community: http://www.ieoc.com
CCIE Blog: http://blog.ine.com