Final answer:
To mitigate brute-force attacks, Account lockout is the most effective because it limits the number of login attempts. Salting passwords and Encryption of passwords are important security practices, but they do not directly prevent brute-force login attempts. Rainbow tables are used by attackers, not defenders.
Step-by-step explanation:
To mitigate the success of an online brute-force attack, option B, Account lockout, is the most effective. An account lockout policy limits the number of incorrect login attempts before the account is temporarily or permanently disabled, thus preventing the attacker from trying infinite combinations of passwords.
Option C, Salting passwords, refers to adding a unique value to the end of each password before hashing it. This method thwarts attacks using precomputed tables, like rainbow tables, but isn't particularly designed to stop brute-force attacks directly.
Option D, Encryption of passwords, protects stored passwords but doesn't necessarily prevent brute-forcing of login attempts, though it is a critical practice in overall security. Lastly, option A, Rainbow table, is actually a tool that could be used by attackers to crack passwords faster if they are not properly salted and hashed.