Which countermeasure best mitigates brute-force attacks on Bluetooth SSP?

In CEH v13 Wireless Hacking, brute-force attacks against Secure Simple Pairing (SSP) exploit repeated attempts to guess cryptographic values. The most effective defense is rate limiting, which restricts how many pairing attempts can be made in a given timeframe.

Increasing key length does not stop brute-force attempts if unlimited tries are allowed. BLE still uses pairing mechanisms and is not immune. Whitelisting controls access but does not prevent cryptographic attacks during pairing.

CEH v13 explicitly recommends rate limiting and pairing attempt thresholds as primary mitigations. Therefore, Option C is correct.