CEH v13 states that the only viable way to attack WPA2-PSK is by capturing the four-way handshake. De- authentication forces clients to reconnect, allowing the handshake to be captured and later cracked offline.
MITM, jamming, and rogue AP attacks do not directly expose the PSK.

In CEH v13 Wireless Hacking, brute-force attacks against Secure Simple Pairing (SSP) exploit repeated attempts to guess cryptographic values. The most effective defense is rate limiting, which restricts how many pairing attempts can be made in a given timeframe.
Increasing key length does not stop brute-force attempts if unlimited tries are allowed. BLE still uses pairing mechanisms and is not immune. Whitelisting controls access but does not prevent cryptographic attacks during pairing.
CEH v13 explicitly recommends rate limiting and pairing attempt thresholds as primary mitigations.
Therefore, Option C is correct.

CEH v13 follows the Incident Response Lifecycle, which prioritizes identification and analysis before containment, unless there is immediate risk of catastrophic damage. In this scenario, the attacker has escalated privileges, but the organization still needs to understand what actions are being taken, what systems are affected, and whether lateral movement is occurring.
Option C aligns with CEH v13 best practices. Real-time monitoring and documentation allow analysts to:
* Identify attacker techniques and tools
* Preserve volatile evidence
* Understand scope and impact
* Implement targeted containment
Immediately powering down the server (Option B) may destroy volatile forensic evidence and disrupt services unnecessarily. Engaging forensic teams (Option A) is important but premature without initial analysis.
Running vulnerability scans (Option D) does not address the active threat.
CEH v13 stresses that informed containment is more effective than reactive shutdowns. Therefore, Option C is correct.

This scenario aligns with a Replay Attack against RF-based smart key systems, covered in CEH v13 IoT and OT Hacking. Attackers capture radio-frequency signals transmitted by key fobs and replay them to unlock vehicles.
CEH v13 emphasizes that detecting and preventing such attacks requires monitoring wireless RF signals for anomalies such as signal replay, interference, or jamming patterns. RF analysis helps confirm unauthorized signal capture and retransmission.
Firmware updates may mitigate future vulnerabilities, but confirmation requires RF monitoring. Physical surveillance and smartphone malware controls are unrelated to RF replay attacks. Therefore, option D is correct.

The weakness described is a classic online password-guessing condition: the application permits unlimited authentication attempts without any throttling, lockout, or challenge mechanism. In CEH guidance, this exposure enables brute-force attacks and automated credential stuffing, where attackers rapidly test many passwords or reused credential pairs until successful. A practical and commonly recommended control at the web application layer is adding CAPTCHA challenges to the login workflow, especially after a small number of failed attempts or when anomalous behavior is detected. CAPTCHA increases the cost of automation by forcing human interaction, directly disrupting high-speed scripted guessing against the admin portal.
While implementing MFA is an excellent additional safeguard and is strongly encouraged for privileged access, the question asks for the best countermeasure to address the specific issue of unlimited rapid attempts.
CAPTCHA is a direct mitigation for automated login abuse, and CEH commonly pairs it with rate limiting, progressive delays, and account lockout policies. Periodic password changes do not prevent an attacker from guessing a password today, and CEH materials note that forced rotation can even reduce security if it drives predictable password patterns. Strong password hashing such as bcrypt, scrypt, or Argon2 is critical for protecting stored passwords if a database is compromised, but it does not stop online guessing against the login form itself. Therefore, the most fitting countermeasure for the identified vulnerability is using CAPTCHA challenges on login and registration pages, ideally combined with throttling and lockout for stronger defense in depth