Which statement best describes the function of SAE in WPA3-Personal?

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

Which statement best describes the function of SAE in WPA3-Personal?

Explanation:
This question tests how SAE secures WPA3-Personal against offline dictionary attacks by using a password-authenticated key exchange (PAKE). SAE (Simultaneous Authentication of Equals) lets the client and the access point prove they both know the same password without sending the password itself. They perform an interactive exchange that uses ephemeral values to derive a shared session key. Because the password isn't transmitted and the handshake depends on fresh, ephemeral data, an attacker who only captures traffic cannot test password guesses offline; any guessing attempt would require participating in a live handshake, which is rate-limited. This is why SAE provides password-based authentication resistant to offline dictionary attacks, and it also offers mutual authentication and forward secrecy. The other statements don't fit: SAE is not simply the same as a static PSK, it does not use WEP, and it does not disable mutual authentication; it actually enforces mutual authentication through the PAKE process.

