During network analysis, clients are receiving incorrect gateway and DNS settings due to a rogue DHCP server. What security feature should the administrator enable to prevent this in the future?
Correct Answer: A
According to CEH v13, one of the most effective defenses against rogue DHCP servers is DHCP snooping, a Layer 2 security feature that classifies switch ports as either trusted or untrusted. DHCP responses are permitted only on trusted ports, typically those connected to legitimate DHCP servers. Any DHCP OFFER or ACK originating from an untrusted port is dropped automatically. In the scenario, the rogue DHCP server is sending unauthorized configuration settings because the switch is forwarding DHCP messages from all ports without restriction. CEH specifically warns that unmanaged or misconfigured switches allow rogue DHCP servers to assign malicious DNS, gateway, or IP configurations, enabling traffic redirection, interception, or man-in-the-middle attacks. ARP inspection (Option B) protects against ARP spoofing but not DHCP abuses. Port security (Option C) prevents MAC flooding, not DHCP impersonation. Static reservations (Option D) do not scale and do not stop rogue DHCP servers. DHCP snooping directly mitigates this threat.
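The trusted/untrusted port logic described above, as an added illustration in Python (not vendor switch code and not part of the exam explanation). The DHCP framing follows RFC 2131/2132 (fixed 236-byte header, magic cookie, option 53 carrying the message type); the port names, MAC address and lease address are constructed. Server-originated messages (OFFER, ACK, NAK) arriving on an untrusted port are dropped and logged, and completed leases seen on trusted ports populate the snooping binding table that features such as Dynamic ARP Inspection build on.

```python
"""Simplified model of DHCP snooping: server messages are accepted only on trusted ports."""
from dataclasses import dataclass, field

# DHCP message types carried in option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
SERVER_MESSAGES = {OFFER, ACK, NAK}      # only a DHCP server legitimately sends these
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def parse_dhcp(packet: bytes) -> dict:
    """Extract client MAC (chaddr), offered address (yiaddr) and message type."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    yiaddr = ".".join(str(b) for b in packet[16:20])
    chaddr = ":".join(f"{b:02x}" for b in packet[28:34])
    msg_type = None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        if code == 53 and length == 1:
            msg_type = packet[i + 2]
        i += 2 + length
    return {"chaddr": chaddr, "yiaddr": yiaddr, "type": msg_type}


def build_dhcp(msg_type: int, chaddr: str, yiaddr: str = "0.0.0.0") -> bytes:
    """Construct a minimal DHCP packet for the demo (unused fields left zero)."""
    pkt = bytearray(240)
    pkt[0] = 2 if msg_type in SERVER_MESSAGES else 1   # BOOTREPLY / BOOTREQUEST
    pkt[1], pkt[2] = 1, 6                               # htype Ethernet, hlen 6
    pkt[16:20] = bytes(int(x) for x in yiaddr.split("."))
    pkt[28:34] = bytes.fromhex(chaddr.replace(":", ""))
    pkt[236:240] = MAGIC_COOKIE
    pkt += bytes([53, 1, msg_type, 255])
    return bytes(pkt)


@dataclass
class SnoopingSwitch:
    """Per-switch DHCP snooping state: trusted ports, binding table, drop log."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # client MAC -> (IP, client port)
    dropped: list = field(default_factory=list)    # (ingress port, message type)
    _pending: dict = field(default_factory=dict)   # client MAC -> port of last REQUEST

    def ingress(self, port: str, packet: bytes) -> bool:
        """Return True if the frame is forwarded, False if snooping drops it."""
        msg = parse_dhcp(packet)
        if msg["type"] in SERVER_MESSAGES and port not in self.trusted_ports:
            self.dropped.append((port, msg["type"]))   # rogue server on an access port
            return False
        if msg["type"] == REQUEST:
            self._pending[msg["chaddr"]] = port
        elif msg["type"] == ACK:
            # a legitimate lease completes: record it for IP Source Guard / DAI to use
            self.bindings[msg["chaddr"]] = (msg["yiaddr"], self._pending.get(msg["chaddr"]))
        return True


if __name__ == "__main__":
    # constructed walk-through: one trusted uplink, a rogue OFFER on an access port
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})
    mac = "aa:bb:cc:dd:ee:01"
    sw.ingress("Gi1/0/5", build_dhcp(DISCOVER, mac))
    print("rogue OFFER forwarded:", sw.ingress("Gi1/0/7", build_dhcp(OFFER, mac, "10.0.0.50")))
    sw.ingress("Gi1/0/5", build_dhcp(REQUEST, mac))
    sw.ingress("Gi1/0/24", build_dhcp(ACK, mac, "10.0.0.50"))
    print("bindings:", sw.bindings, "dropped:", sw.dropped)
```

The drop log is the detection hook: on a real switch the equivalent counters and syslog messages are what tell an administrator which access port the rogue server sits on.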
312-50v13 Exam Question 187
Amid the vibrant buzz of Miami's digital scene, ethical hacker Sofia Alvarez embarks on a mission to fortify the web server of Sunshine Media's streaming platform. Diving into her security assessment, Sofia sends a meticulously crafted GET / HTTP/1.0 request to the server, scrutinizing its response. The server obligingly returns headers exposing its software version and operating system, a revelation that could empower malicious actors to tailor their attacks. Committed to bolstering the platform's defenses, Sofia documents her findings to urge the security team to address this exposure. What approach is Sofia using to expose the vulnerability in Sunshine Media's web server?
Correct Answer: D
The described action is classic web server footprinting through banner grabbing. In CEH reconnaissance methodology, banner grabbing is used to identify a target's service details by eliciting and analyzing standard protocol responses. When Sofia sends a simple HTTP request such as GET / HTTP/1.0, the server often responds with HTTP headers that may include fields like Server and sometimes X-Powered-By, which can reveal the web server product and version, and occasionally information that hints at the underlying operating system or framework. This disclosure is valuable to attackers because it enables targeted exploitation: once the exact server and version are known, an attacker can correlate that information with known vulnerabilities, misconfigurations, and exploit code. This is not information gathering from robots.txt, which is a web file used to suggest crawler behavior and sometimes reveals hidden paths but does not inherently expose server software versions. It is also not directory brute forcing, which involves systematically guessing directories and files to find hidden endpoints. Vulnerability scanning is broader and typically involves automated checks to detect vulnerabilities; while banner information can be an input to scanning, the technique shown here is specifically identification through response headers. CEH-aligned mitigation includes disabling or minimizing server signature information, removing unnecessary headers, keeping server software patched, and using secure configurations and reverse proxies to reduce information leakage during reconnaissance.
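The header check a security team would run against its own server after hardening, as an added Python example (not part of the exam explanation). The raw request mirrors the GET / HTTP/1.0 probe in the question; the two sample responses and their header values are constructed, and the list of headers treated as disclosures is an assumption based on common server and framework defaults.

```python
"""Check a web server's response headers for software-disclosing banners."""
import socket

# Headers that commonly leak product and version information (assumed list)
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator")


def fetch_raw_response(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send a plain GET / HTTP/1.0 and return the raw response bytes (network call)."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_response_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:                 # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(headers: dict) -> list:
    """Return (header, value) pairs that expose product or version details.

    A bare product name in Server (e.g. 'nginx') is tolerated; a version string
    such as 'Apache/2.4.41 (Ubuntu)' or any X-Powered-By value is reported.
    """
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        if name == "server" and "/" not in value and not any(ch.isdigit() for ch in value):
            continue
        findings.append((name, value))
    return findings


# Constructed sample responses (not captured from any real host)
LEAKY_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Server: Apache/2.4.41 (Ubuntu)\r\n"
                  b"X-Powered-By: PHP/7.4.3\r\n"
                  b"Content-Type: text/html\r\n\r\n<html></html>")
HARDENED_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                     b"Server: nginx\r\n"
                     b"Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, find_disclosures(parse_response_headers(raw)))
    # against a live host you operate: find_disclosures(parse_response_headers(fetch_raw_response("localhost")))
```

Running this as a post-change check confirms that signature suppression (for example Apache's ServerTokens/ServerSignature settings or an equivalent reverse-proxy header rewrite) actually removed the version details rather than just shortening them.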
312-50v13 Exam Question 188
During a black-box internal penetration test, a security analyst identifies an SNMPv2-enabled Linux server using the default community string "public." The analyst wants to enumerate running processes. Which Nmap command retrieves this information?
Correct Answer: C
CEH v13 highlights that SNMPv1/v2 environments configured with default community strings such as "public" or "private" present significant security risks because they allow unauthorized users to query system information. SNMP enumeration can reveal processes, interfaces, routing tables, users, device configurations, and more. The snmp-processes Nmap NSE script is specifically designed to enumerate running processes on an SNMP-enabled host. It queries the Host Resources MIB (HR-MIB), which stores operational information about system processes, CPU usage, and memory consumption. This information provides attackers with insights into what services may be exploitable or misconfigured. CEH stresses that SNMPv2 is particularly vulnerable because it provides no encryption and relies on the community string alone for authentication. By enumerating processes, penetration testers can identify potential privilege escalation paths, outdated services, or rogue applications that may aid lateral movement. Other scripts such as snmp-sysdescr or snmp-interfaces retrieve the system description or interface data but do not enumerate processes.
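The condition the question relies on (a v1/v2c agent answering a default community string) is something an administrator can find in configuration before a tester does. The following added Python example, not part of the exam explanation, audits a net-snmp snmpd.conf for that condition. The directive names rocommunity, rwcommunity, com2sec, rouser, rwuser and createUser are real net-snmp directives; the sample configuration, the community values in it and the severity scheme are constructed assumptions.

```python
"""Audit a net-snmp snmpd.conf for v1/v2c community strings and missing SNMPv3."""

DEFAULT_COMMUNITIES = {"public", "private"}          # the defaults the question names
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
V3_DIRECTIVES = {"rouser", "rwuser", "createuser"}   # compared lowercase


def audit_snmpd_conf(text: str) -> dict:
    """Return per-line findings plus whether any SNMPv3 user access is configured."""
    findings = []
    has_v3 = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive in V3_DIRECTIVES:
            has_v3 = True
            continue
        if directive in COMMUNITY_DIRECTIVES and len(parts) >= 2:
            community = parts[1]                     # rocommunity COMMUNITY [SOURCE [OID]]
            source = parts[2] if len(parts) > 2 else "default"
        elif directive == "com2sec" and len(parts) >= 4:
            community = parts[3]                     # com2sec NAME SOURCE COMMUNITY
            source = parts[2]
        else:
            continue
        # severity scheme is an assumption for the demo, not a CEH or net-snmp rating
        if community.lower() in DEFAULT_COMMUNITIES:
            severity, why = "HIGH", "default community string"
        elif directive.startswith("rw"):
            severity, why = "HIGH", "write access over v1/v2c"
        elif source == "default":
            severity, why = "MEDIUM", "community accepted from any source"
        else:
            severity, why = "LOW", "v1/v2c community in use"
        findings.append({"line": lineno, "severity": severity, "directive": directive,
                         "community": community, "source": source, "reason": why})
    return {"findings": findings, "snmpv3_configured": has_v3}


# Constructed sample, not a real host's configuration
SAMPLE_CONF = """\
# constructed snmpd.conf excerpt
rocommunity public
rwcommunity s3cret-mgmt 192.0.2.0/24
com2sec readonly default private
rouser monitor authpriv
"""

if __name__ == "__main__":
    report = audit_snmpd_conf(SAMPLE_CONF)
    for f in report["findings"]:
        print(f"line {f['line']}: {f['severity']} {f['directive']} '{f['community']}' ({f['reason']})")
    print("SNMPv3 access configured:", report["snmpv3_configured"])
```

A HIGH finding here corresponds exactly to the exam scenario: with a default read community reachable from the network, the HR-MIB process table is readable by anyone who can send UDP/161 to the host, so the fix is to remove the v1/v2c lines, keep only authPriv SNMPv3 users, and restrict the agent's source addresses.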
312-50v13 Exam Question 189
During a routine security audit, administrators discover that cloud storage backups were illegally accessed and modified. Which countermeasure would most directly mitigate such incidents in the future?
Correct Answer: D
The Certified Ethical Hacker (CEH) Cloud Computing and Data Protection module emphasizes the importance of resilient backup strategies to protect against data tampering, ransomware, and unauthorized modification. The 3-2-1 backup model is a widely recommended best practice referenced in CEH materials. It requires maintaining:
* 3 copies of data
* Stored on 2 different media types
* With 1 copy stored offsite
This approach ensures that even if cloud backups are compromised or altered, clean and uncompromised versions remain available. CEH documentation highlights this model as a core defense against data integrity attacks in cloud environments. Option D directly mitigates the risk of backup tampering. Options A, B, and C address unrelated security concerns and do not protect backup integrity.
312-50v13 Exam Question 190
Which WPA2 vulnerability allows packet interception and replay?
Correct Answer: B
The KRACK (Key Reinstallation Attack) vulnerability is a critical WPA2 flaw covered extensively in CEH v13 Wireless Network Hacking. KRACK exploits weaknesses in the four-way handshake process, allowing attackers to force reinstallation of encryption keys. This key reinstallation resets nonces and replay counters, enabling attackers to decrypt, replay, and forge packets, even on encrypted WPA2 networks. CEH v13 highlights that KRACK does not break the encryption mathematically but exploits a protocol logic flaw. Hole196 concerns misuse of the group temporal key (GTK), and WPS PIN attacks target authentication, not replay of encrypted traffic. Weak RNG issues are unrelated to WPA2 replay. Thus, Option B is correct.
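Why resetting a nonce counter is enough to break an otherwise sound cipher, as an added Python model that is not part of the exam explanation. The stream cipher is a constructed HMAC-SHA256 keystream standing in for WPA2's CCMP, the key material and frame payloads are constructed, and the "install once" flag models the patched behaviour in which a retransmitted handshake message 3 no longer re-installs a key that is already in use. The cipher code never changes between the vulnerable and patched runs; only the counter handling does, which is the point the explanation makes.

```python
"""Toy model of the KRACK key-reinstallation flaw: same key + reset counter = keystream reuse."""
import hashlib
import hmac


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream derived from (key, packet number); reusing the pair reuses the bytes."""
    out = b""
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """One side of the link; install_once=True models the patched behaviour."""

    def __init__(self, key: bytes, install_once: bool = False):
        self.key = key
        self.install_once = install_once
        self.tx_pn = 0          # transmit packet number (nonce counter)
        self.rx_pn = 0          # highest packet number accepted (replay counter)

    def install_key(self, key: bytes) -> bool:
        if self.install_once and key == self.key:
            return False        # patched: a retransmitted handshake message 3 is ignored
        self.key = key          # vulnerable: same key re-installed, both counters reset
        self.tx_pn = 0
        self.rx_pn = 0
        return True

    def protect(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.key, self.tx_pn, len(plaintext)))

    def unprotect(self, pn: int, ciphertext: bytes) -> bytes:
        if pn <= self.rx_pn:
            raise ValueError("replay detected")
        self.rx_pn = pn
        return xor(ciphertext, keystream(self.key, pn, len(ciphertext)))


KEY = b"constructed-demo-pairwise-key"   # constructed, not derived from any handshake


def nonce_reuse_demo(patched: bool) -> dict:
    """Send two frames around a key reinstallation and report what a passive observer learns."""
    tx = Station(KEY, install_once=patched)
    p1, p2 = b"first frame payload ", b"second frame payload"   # constructed, equal length
    pn1, c1 = tx.protect(p1)
    tx.install_key(KEY)                     # retransmitted message 3 processed here
    pn2, c2 = tx.protect(p2)
    # with identical key and packet number the keystreams match, so c1 XOR c2 == p1 XOR p2
    return {"same_pn": pn1 == pn2,
            "plaintext_xor_leaked": xor(c1, c2) == xor(p1, p2)}


def replay_demo(patched: bool) -> str:
    """Re-deliver an already accepted frame after the receiver re-processes message 3."""
    tx, rx = Station(KEY), Station(KEY, install_once=patched)
    pn, c = tx.protect(b"captured frame")
    rx.unprotect(pn, c)                     # accepted once, replay counter now equals pn
    rx.install_key(KEY)
    try:
        rx.unprotect(pn, c)
        return "replay accepted"
    except ValueError:
        return "replay rejected"


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", nonce_reuse_demo(patched), replay_demo(patched))
```

The observable difference between the two runs is what a client or AP patch for KRACK delivers: the same key is installed once, so the transmit nonce keeps increasing and the receive replay counter is never rolled back, and neither decryption via keystream reuse nor frame replay is possible.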