Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CWNP CWSP-208 Exam - Topic 2 Question 3 Discussion

Actual exam question for CWNP's CWSP-208 exam
Question #: 3
Topic #: 2
[All CWSP-208 Questions]

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Ines at Jul 09, 2025, 08:10 AM

Limited Time Offer

25%

Off

Get Premium CWSP-208 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rachael
5 months ago
Definitely agree on prohibiting remote management over WAN!
upvoted 0 times
...
Lelia
5 months ago
RADIUS at branches? That's a bit overkill, right?
upvoted 0 times
...
Chaya
6 months ago
Wait, are they really using Telnet? That's so outdated!
upvoted 0 times
...
Sage
6 months ago
I disagree, unique SSIDs could confuse users.
upvoted 0 times
...
Clay
6 months ago
A VPN for the APs sounds like a solid plan!
upvoted 0 times
...
Doug
6 months ago
I definitely recall that remote management should be secure, so option D makes sense, but I’m not clear on the implications of prohibiting all those protocols.
upvoted 0 times
...
Michell
7 months ago
Option C seems important since it mentions RADIUS at branch offices, but I’m a bit confused about how that would work with limited IT resources.
upvoted 0 times
...
Gabriele
7 months ago
I think having unique SSIDs for each branch, as mentioned in option B, could help with user tracking, but I wonder if it complicates things too much for users.
upvoted 0 times
...
Winfred
7 months ago
I remember studying about VPNs for secure connections, so option A sounds like a good practice, but I'm not entirely sure if it's necessary for every remote AP.
upvoted 0 times
...
Francisca
7 months ago
This question seems pretty straightforward to me. The answer is clearly C - using RADIUS services at the branch offices. That way, the authentication credentials don't have to traverse the internet, which is the most secure approach. I'm confident that's the right solution here.
upvoted 0 times
...
Kayleigh
7 months ago
Okay, I think I've got a handle on this. The key is to ensure the remote connections to the central controller are secure, since that's the potential vulnerability. I'd go with option A - an encrypted VPN between the remote APs and the controller. That way, the authentication traffic stays protected.
upvoted 0 times
...
Cassi
8 months ago
Hmm, this is a tricky one. I'm a little unsure about the best approach here. Should I be looking at VPNs, unique SSIDs, or RADIUS services? There are a few options presented, and I'll need to carefully consider the pros and cons of each.
upvoted 0 times
...
Sena
8 months ago
This seems like a pretty straightforward security question. I'd focus on the key details - the remote branch offices, the single WLAN controller, and the preference for 802.1X/EAP. Looks like I need to think about how to secure the connections between the remote sites and the central controller.
upvoted 0 times
...
Caprice
10 months ago
I think we should also consider option D to restrict remote management access for better security.
upvoted 0 times
...
Melissia
10 months ago
Haha, I wonder if they'll let me use the company VPN to stream some Netflix at home. Gotta test those security measures, right?
upvoted 0 times
...
Harrison
10 months ago
I agree, the VPN tunnel is critical to protect the data in transit. Definitely the best choice here.
upvoted 0 times
Reita
8 months ago
C) RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.
upvoted 0 times
...
Marge
8 months ago
B) APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
upvoted 0 times
...
Peggy
9 months ago
A) An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
upvoted 0 times
...
...
Terrilyn
10 months ago
I believe option C is also important to ensure secure authentication without sending credentials over the Internet.
upvoted 0 times
...
Alaine
10 months ago
Option A is the way to go. Encrypted VPNs are essential for securing the remote branch offices.
upvoted 0 times
Rodrigo
9 months ago
B) APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
upvoted 0 times
...
Delisa
10 months ago
A) An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
upvoted 0 times
...
...
Dolores
11 months ago
I agree with Karan, using an encrypted VPN ensures data confidentiality and integrity.
upvoted 0 times
...
Karan
11 months ago
I think option A is the best practice for secure communication between the WLAN controller and remote APs.
upvoted 0 times
...

Save Cancel