Network Security Management

Enabling a DDoS mitigation service is the best option here. This type of service can help protect against DDoS attacks by identifying and filtering out potentially harmful traffic before it reaches the company's servers. On the other hand, increasing the capacity of the web server would not directly prevent a DDoS attack, it just might make the online store able to tolerate larger volumes of traffic, which does not actively protect against malicious attacks. Removing payment processing functionality is not feasible as it would prevent transactions on the website, which defeats the purpose of an online store. Finally, enabling a single set of login credentials for all users would potentially increase risk instead of reducing it, by giving attackers an easier way to gain unauthorized access.

The best answer is 'Use encryption for data transmissions'. This is because Payment Card Industry Data Security Standard (PCI DSS) requirements prioritize the protection of cardholder data, and encrypting data transmissions is one of the key ways to achieve this. Encryption converts data into a code to prevent unauthorized access. On the other hand, allowing all employees to access customer data increases the risk of data breaches. Disabling customer login capabilities would interfere with business operations and customer experience. Regularly defragging hard drives on servers has more to do with maintaining system performance than with securing customer data.

The protocol to mitigate the issue of a rogue DHCP server providing unauthorized IP addresses is 'DHCP Snooping'. DHCP Snooping, as a DHCP security tool, becomes especially useful in protecting DHCP servers, where rogue DHCP servers are providing clients with wrong or harmful configurations. The tool works by filtering DHCP messages from untrusted sources and by building and maintaining a binding table that ties a client's MAC address, IP address, lease time, binding type, VLAN number, and interface information. On the other hand, 'IPSec' is a protocol for secure internet communication that uses cryptographic security services to protect communications over IP networks. 'STP' (Spanning Tree Protocol) is used in switching environments to prevent loops by creating a spanning tree and blocking specific redundant paths. While 'DNSSEC' (Domain Name System Security Extensions) is a suite of internet standards that adds security to the Domain Name System (DNS) which provides authentication for returned DNS responses, unfortunately, it doesn't solve the issue of unauthorized DHCP servers.