
May-2026 Pass Your CWSP-208 Exam at the First Try with 100% Real Exam
Get Real Exam Questions for CWSP-208 with New Questions
CWNP CWSP-208 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 21
Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?
- A. Narrowband DoS attack detection.
- B. Wireless adapter failure analysis.
- C. Interference source location.
- D. Fast secure roaming problems.
Answer: D
Explanation:
When using a wireless aggregator to combine packet captures from channels 1, 6, and 11 (the three non- overlapping 2.4 GHz channels), you're most likely analyzing multi-channel behavior. This is particularly relevant when troubleshooting roaming issues, such as fast secure roaming (e.g., 802.11r). These captures help determine whether authentication or association events occur smoothly across APs operating on different channels.
Incorrect:
A). Adapter failure doesn't require multi-channel capture.
B). Interference location is typically single-channel and spectrum-analysis focused.
D). Narrowband DoS attacks are also usually identified using RF spectrum analysis, not packet capture across all channels.
References:
CWSP-208 Study Guide, Chapter 6 (Roaming and Mobility)
CWNP Whitepaper: WLAN Troubleshooting Methodologies
CWNP Learning Portal: 802.11 Roaming and Analysis
NEW QUESTION # 22
Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1) 802.11 Probe Req and 802.11 Probe Rsp
2) 802.11 Auth and then another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-KEY
5) EAPOL-KEY
6) EAPOL-KEY
7) EAPOL-KEY
What security mechanism is being used on the WLAN?
- A. WEP-128
- B. WPA2-Personal
- C. WPA-Enterprise
- D. 802.1X/LEAP
- E. EAP-TLS
Answer: B
Explanation:
The key clue in this sequence is the four EAPOL-Key frames, which indicate a 4-way handshake - a hallmark of WPA and WPA2 authentication processes. There is no EAP exchange preceding the 4-way handshake, which eliminates WPA/WPA2-Enterprise and 802.1X/EAP methods. This points directly to WPA2-Personal, where PSK (Pre-Shared Key) is used and there is no EAP exchange before key generation.
Also, the second "Auth" frame suggests Open System Authentication was used, which is typical for RSN- based networks (not Shared Key as in WEP).
References:
CWSP-208 Study Guide, Chapter 6 - Frame Analysis and 4-Way Handshake
CWNP CWSP-208 Objectives: "Identify WPA/WPA2 Operation from Frame Traces"
NEW QUESTION # 23
Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?
- A. RADIUS server
- B. SRV21
- C. MacBook Pro
- D. WLAN Controller/AP
Answer: D
Explanation:
Comprehensive Detailed Explanation:
In the 802.1X/EAP framework:
The Authenticator is the device that controls access to the network - typically the AP or WLAN controller.
The Authenticator passes EAP messages between the Supplicant (client) and the Authentication Server (RADIUS).
Incorrect:
A). SRV21 is the RADIUS server (Authentication Server), not the Authenticator.
C). The MacBook Pro is the Supplicant.
D). RADIUS server handles Authentication, not Authenticator functionality.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Architecture Roles)
CWNP AAA and Authentication Design
NEW QUESTION # 24
What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)
- A. LEAP
- B. EAP-MD5
- C. EAP-TLS
- D. EAP-TTLS
- E. PEAPv0/MSCHAPv2
Answer: C,D,E
Explanation:
All three EAP methods - EAP-TLS, PEAPv0, and EAP-TTLS - establish a secure TLS tunnel between the supplicant and the authentication server before client credentials are passed:
B). EAP-TLS uses mutual certificate authentication inside a TLS tunnel.
D). PEAPv0/MSCHAPv2 creates a TLS tunnel and then authenticates the user with MSCHAPv2 inside the tunnel.
E). EAP-TTLS creates a TLS tunnel and then supports legacy credentials (e.g., PAP, CHAP, MSCHAPv2) securely within it.
Incorrect:
A). EAP-MD5 does not use TLS at all.
C). LEAP is not TLS-based and is considered insecure.
References:
CWSP-208 Study Guide, Chapter 4 (TLS-Based EAP Methods)
CWNP EAP Protocol Comparison Matrix
NEW QUESTION # 25
Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.
While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)
- A. IGMP snooping
- B. UDP port redirection
- C. Wi-Fi phishing
- D. Man-in-the-Middle
- E. Management interface exploits
Answer: C,D
Explanation:
Open networks with captive portals do not provide link-layer encryption, so:
A). Man-in-the-Middle (MitM): Attackers can intercept or modify traffic between the user and the legitimate network (especially before HTTPS negotiation).
B). Wi-Fi phishing: Evil twin APs may mimic the legitimate hotspot and show a fake captive portal, stealing user credentials or prompting malicious downloads.
Incorrect:
C). Management interface exploits target device admin panels, not typical client users.
D). UDP port redirection and
E). IGMP snooping are network-layer behaviors, not common user-targeted attacks.
References:
CWSP-208 Study Guide, Chapter 5 (Hotspot Vulnerabilities)
CWNP Wi-Fi Phishing and Evil Twin Defense Strategies
NEW QUESTION # 26
Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.
What kind of system should be installed to provide the required compliance reporting and forensics features?
- A. WNMS
- B. Cloud management platform
- C. WIPS integrated
- D. WIPS overlay
Answer: D
Explanation:
When compliance reporting and forensic analysis are required and the WLAN vendor's centralized management system does not provide it, deploying a dedicated overlay WIPS is the most effective solution.
Overlay WIPS uses dedicated sensors independent of the WLAN's operational radios, offering detailed threat detection, compliance logging, and reporting capabilities that often surpass native WLAN features.
References:
CWSP-208 Study Guide, Chapter 7 - Overlay vs Integrated WIPS
CWNP CWSP-208 Objectives: "Compliance Monitoring and Forensics"
NEW QUESTION # 27
While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.
What kind of signal is described?
- A. A frequency hopping wireless device in discovery mode
- B. A deauthentication flood from a WIPS blocking an AP
- C. A 2.4 GHz WLAN transmission using transmit beam forming
- D. A high-power ultra wideband (UWB) Bluetooth transmission
- E. An HT-OFDM access point
- F. A high-power, narrowband signal
Answer: F
Explanation:
Spectrum analyzer observations indicate a narrow 1-2 MHz peak with a strong signal, which broadens only when significantly attenuated. This behavior matches a high-powered narrowband interferer (like a microwave ignitor or industrial radio) - not Bluetooth hopping or standard WLAN signals
NEW QUESTION # 28
Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?
- A. WPA2-Personal with support for LDAP queries
- B. A WLAN controller with RBAC features
- C. A VPN server with multiple DHCP scopes
- D. A WLAN router with wireless VLAN support
- E. An autonomous AP system with MAC filters
Answer: B
Explanation:
Role-Based Access Control (RBAC) enables dynamic assignment of permissions and access rights based on a user's job function. A WLAN controller with RBAC:
Can apply policies post-authentication.
Controls access to internal services (e.g., file shares, apps).
Assigns users to different VLANs or applies firewall rules based on roles.
Incorrect:
A). MAC filtering is not scalable or secure.
B). WPA2-Personal does not support user-based policies or LDAP integration.
C). DHCP scope assignment is not linked to user roles.
E). VLAN assignment via SSID is static and does not consider job function.
References:
CWSP-208 Study Guide, Chapter 6 (Access Control and Role-Based Policies) CWNP Enterprise WLAN Design Practices
NEW QUESTION # 29
What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?
- A. WLAN controllers and APs must not support SSHv1.
- B. WEP may not be used for encryption.
- C. Token cards must be used for authentication.
- D. Dynamic WEP-104 encryption must be enabled.
- E. WPA-Personal must be supported for authentication and encryption.
Answer: B
Explanation:
A Robust Security Network (RSN) is defined by the IEEE 802.11i standard and is designed to provide a framework for secure wireless LAN communications. One of the primary criteria for a network to qualify as an RSN is that WEP (Wired Equivalent Privacy) must not be used for encryption, as WEP has well-known vulnerabilities and is considered insecure. RSN-compliant networks must use either CCMP (AES) or GCMP for encryption and 802.1X/EAP or WPA2-Personal for authentication.
Incorrect:
A). Token cards are not part of RSN criteria.
B). Dynamic WEP is still WEP and disqualifies RSN status.
D). WPA-Personal may be supported, but alone does not define an RSN.
E). SSHv1 concerns device management security, not RSN qualification.
References:
CWSP-208 Study Guide, Chapter 3 (Robust Security Networks)
IEEE 802.11i Standard
CWNP Exam Objectives: Security Standards and Protocols
NEW QUESTION # 30
Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.
What are three uses for such a tool? (Choose 3)
- A. Transmitting a deauthentication frame to disconnect a user from the AP.
- B. Auditing the configuration and functionality of a WIPS by simulating common attack sequences
- C. Probing the RADIUS server and authenticator to expose the RADIUS shared secret
- D. Cracking the authentication or encryption processes implemented poorly in some WLANs
Answer: A,B,D
Explanation:
Aircrack-ng is a versatile toolset commonly used for WLAN penetration testing and security auditing. Its capabilities include:
A). Injecting deauth frames to simulate or test disconnection scenarios.
B). Testing WIPS responsiveness by simulating common attack frames.
D). Performing dictionary and brute-force attacks against weakly protected networks (e.g., WPA2-PSK with a weak passphrase).
Incorrect:
C). Aircrack-ng does not probe or test RADIUS shared secrets.
References:
CWSP-208 Study Guide, Chapter 7 (Tools and Wireless Attacks)
Aircrack-ng Documentation (https://www.aircrack-ng.org/)
CWNP Attack Simulation Labs
NEW QUESTION # 31
Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller- based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.
Where must the X.509 server certificate and private key be installed in this network?
- A. Supplicant devices
- B. WLAN controller
- C. Controller-based APs
- D. RADIUS server
- E. LDAP server
Answer: D
Explanation:
With PEAPv0/EAP-MSCHAPv2:
The TLS tunnel is created between the supplicant and the RADIUS server.
Therefore, the RADIUS server must have the X.509 server certificate and private key to authenticate itself and establish the tunnel.
Incorrect:
A). Supplicants verify the server's certificate, not hold it.
B). LDAP server is used for querying, not for EAP termination.
C). APs and
D). Controllers pass the authentication info but don't require certificates for PEAP termination.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Types and TLS Tunnel Establishment) CWNP EAP Deployment Guidelines
NEW QUESTION # 32
Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)
- A. Analysis and reporting of AP CPU utilization
- B. Policy enforcement and compliance management
- C. Wireless vulnerability assessment
- D. Application-layer traffic inspection
- E. Configuration distribution for autonomous APs
Answer: B,C
Explanation:
WIPS systems provide proactive security by continuously scanning for threats and ensuring WLAN policy compliance. Their capabilities include:
B). Wireless vulnerability assessment: Scanning for misconfigured APs, weak encryption, and unauthorized devices.
E). Policy enforcement and compliance: Ensuring security settings adhere to enterprise or regulatory requirements and alerting on deviations.
Other options like application-layer inspection and AP CPU monitoring are outside the WIPS function scope.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Services and Capabilities
CWNP CWSP-208 Objectives: "WIPS Threat Mitigation and Enforcement"
NEW QUESTION # 33
What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?
- A. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP- TLS does.
- B. EAP-TTLS supports client certificates, but EAP-TLS does not.
- C. EAP-TTLS does not require an authentication server, but EAP-TLS does.
- D. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
Answer: A
Explanation:
EAP-TLS requires both server and client-side digital certificates, which adds complexity in client certificate management.
EAP-TTLS uses a server certificate to establish a secure TLS tunnel, after which user credentials (e.g., username/password) are sent inside the encrypted tunnel. No client certificate is needed.
Incorrect:
A). EAP-TLS also encrypts credentials using TLS.
B). EAP-TLS supports client certificates (it's the core requirement).
C). Both EAP methods require an authentication server.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Methods Comparison)
CWNP EAP-TTLS Deployment Guide
NEW QUESTION # 34
An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?
- A. Hijacking
- B. DoS
- C. Man-in-the-middle
- D. ASLEAP
Answer: B
Explanation:
A Denial-of-Service (DoS) attack focuses on preventing legitimate users from accessing network resources. In this case, the attacker has not accessed files or data but is interrupting services. This aligns perfectly with a DoS attack scenario.
References:
CWSP-208 Study Guide, Chapter 5 (WLAN Threat Categories)
CWNP Learning Center: DoS and Availability Attacks
NEW QUESTION # 35
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?
- A. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
- B. The RF environment must be sampled during an RF calibration process.
- C. At least six antennas must be installed in each sensor.
- D. A location chipset (GPS) must be installed with it.
Answer: B
Explanation:
For a WIPS system to perform location patterning (also called RF fingerprinting), it must first perform an RF calibration or RF site survey. This process involves sampling signal strengths from known locations to develop a model of how signals propagate in the environment. This "fingerprint" is then used to triangulate or estimate the positions of rogue devices.
NEW QUESTION # 36
ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.
In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs? (Choose
3)
- A. Trilateration of RSSI measurements
- B. GPS Positioning
- C. RF Fingerprinting
- D. Time Difference of Arrival (TDoA)
- E. Angle of Arrival (AoA)
Answer: A,C,D
Explanation:
WIPS platforms with multiple sensors can locate rogue devices using:
A). TDoA: Measures the time difference a signal takes to reach multiple sensors; requires synchronized clocks.
C). Trilateration using RSSI: Estimates distance based on signal strength from three or more known sensor positions.
E). RF Fingerprinting: Matches received signals to known RF patterns in the environment for device positioning.
AoA requires directional antennas (not typical with dipoles), and GPS is used for locating mobile sensors or vehicles, not indoor rogues.
References:
CWSP-208 Study Guide, Chapter 7 - Location Tracking Techniques
CWNP CWSP-208 Objectives: "Rogue Device Location via RSSI, TDoA, and Fingerprinting"
NEW QUESTION # 37
What security benefits are provided by endpoint security solution software? (Choose 3)
- A. Can restrict client connections to networks with specific SSIDs and encryption types
- B. Can collect statistics about a user's network use and monitor network threats while they are connected
- C. Can be used to monitor for and prevent network attacks by nearby rogue clients or APs
- D. Can prevent connections to networks with security settings that do not conform to company policy
Answer: A,B,D
Explanation:
Endpoint security software can:
A). Enforce network access policies by validating that security settings meet organizational standards.
B). Monitor usage for auditing and threat detection.
C). Limit network connectivity based on SSID names, encryption, and authentication parameters.
Incorrect:
D). Detecting rogue APs and clients is typically done by WIPS, not endpoint security agents.
References:
CWSP-208 Study Guide, Chapter 7 (Client Security and Endpoint Enforcement) CWNP Endpoint Security and Compliance Policies
NEW QUESTION # 38
In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from
802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.
Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?
- A. 802.11n client spoofing the MAC address of an authorized 802.11n client
- B. Rogue AP operating in Greenfield 40 MHz-only mode
- C. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
- D. 802.11a STA performing a deauthentication attack against 802.11n APs
Answer: B
Explanation:
An 802.11a/g-based WIPS cannot detect rogue activity that occurs in 802.11n/ac-specific modes, including Greenfield (HT-only) operation and use of 40 MHz channels, which are not part of the 802.11a/g specification. Greenfield mode disables legacy support, so a WIPS limited to 802.11a/g radios won't even
"see" these frames. This leaves a significant blind spot for detecting certain types of rogue devices or attacks using newer PHYs.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Capabilities and Limitations
CWNP CWSP-208 Objectives: "Protocol Compatibility and Threat Detection"
NEW QUESTION # 39
What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?
- A. Require Port Address Translation (PAT) on each laptop.
- B. Require secure applications such as POP, HTTP, and SSH.
- C. Require WPA2-Enterprise as the minimal WLAN security solution.
- D. Require VPN software for connectivity to the corporate network.
Answer: D
Explanation:
EAP-TLS requires both server and client-side digital certificates, which adds complexity in client certificate management.
EAP-TTLS uses a server certificate to establish a secure TLS tunnel, after which user credentials (e.g., username/password) are sent inside the encrypted tunnel. No client certificate is needed.
Incorrect:
A). EAP-TLS also encrypts credentials using TLS.
B). EAP-TLS supports client certificates (it's the core requirement).
C). Both EAP methods require an authentication server.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Methods Comparison)
CWNP EAP-TTLS Deployment Guide
NEW QUESTION # 40
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)
- A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
- B. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
- C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
- D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
Answer: A,C,D
Explanation:
Client VLAN assignment at the controller can be achieved through:
B). RADIUS attributes (e.g., Tunnel-Private-Group-ID) for dynamic VLAN assignment.
C). Static mappings in the WLAN controller's local user DB.
D). SSID-to-VLAN bindings assign traffic from specific SSIDs to specific VLANs.
Incorrect:
A). The AP connects to the controller over a tunneled link. VLAN configuration at the AP's Ethernet port does not impact client VLAN assignment in centralized forwarding mode.
References:
CWSP-208 Study Guide, Chapter 6 (Dynamic VLAN Assignment)
CWNP WLAN Controller Configuration Guides
NEW QUESTION # 41
Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.
In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)
- A. Application eavesdropping
- B. Session hijacking
- C. Encryption cracking
- D. Offline dictionary attacks
- E. Layer 1 DoS
- F. Layer 3 peer-to-peer
Answer: D,E
Explanation:
Though AES-CCMP is secure and 802.1X authentication is strong, LEAP is inherently weak because:
B). LEAP uses MS-CHAPv1, making it vulnerable to offline dictionary attacks once challenge/response exchanges are captured.
F). Layer 1 DoS attacks (such as RF jamming or interference) can be launched regardless of authentication mechanisms.
Incorrect:
A). AES-CCMP resists encryption cracking.
C). Peer-to-peer at Layer 3 is unrelated to LEAP or 802.1X vulnerabilities.
D). Application-layer eavesdropping is mitigated if encryption is properly implemented.
E). Session hijacking is more difficult with proper authentication and encryption in place.
References:
CWSP-208 Study Guide, Chapters 5 and 6 (LEAP vulnerabilities and DoS)
CWNP Threat Matrix and Attack Vectors
IEEE 802.11i and Cisco LEAP documentation
NEW QUESTION # 42
Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.
What security best practices should be followed in this deployment scenario?
- A. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
- B. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
- C. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.
- D. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.
Answer: B
Explanation:
Because all APs (even those at branch offices) connect to a central controller:
Their control/data traffic must traverse the public internet or WAN.
VPNs (IPSec, GRE, or similar) ensure confidentiality and integrity of authentication traffic and user data over insecure links.
Incorrect:
B). Using different SSIDs complicates management and user experience unnecessarily.
C). Remote RADIUS at small branches contradicts the goal of centralized management.
D). Remote access protocols (SSH, HTTPS) should be secured, not entirely prohibited, to allow remote management.
References:
CWSP-208 Study Guide, Chapter 6 (Remote AP Security)
CWNP Controller-Based Architecture Deployment Guide
NEW QUESTION # 43
......
Updated CWSP-208 Certification Exam Sample Questions: https://www.actual4test.com/CWSP-208_examcollection.html
Get Unlimited Access to CWSP-208 Certification Exam Cert Guide: https://drive.google.com/open?id=1gQoUA5j8Qv2GFNRREySu137Ksd0phU-l