CWNP CWSP-208 Exam - Topic 2 Question 3 Discussion

Actual exam question for CWNP's CWSP-208 exam

Question #: 3
Topic #: 2

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

AAn encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

BAPs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

CRADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

DRemote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Show Suggested Answer

Suggested Answer: A

by Ines at Jul 09, 2025, 08:10 AM

Limited Time Offer

25%

Off

Get Premium CWSP-208 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rachael

2 months ago

Definitely agree on prohibiting remote management over WAN!

upvoted 0 times

...

Lelia

2 months ago

RADIUS at branches? That's a bit overkill, right?

upvoted 0 times

...

Chaya

3 months ago

Wait, are they really using Telnet? That's so outdated!

upvoted 0 times

...

Sage

3 months ago

I disagree, unique SSIDs could confuse users.

upvoted 0 times

...

Clay

3 months ago

A VPN for the APs sounds like a solid plan!

upvoted 0 times

...

Doug

3 months ago

I definitely recall that remote management should be secure, so option D makes sense, but I’m not clear on the implications of prohibiting all those protocols.

upvoted 0 times

...

Michell

4 months ago

Option C seems important since it mentions RADIUS at branch offices, but I’m a bit confused about how that would work with limited IT resources.

upvoted 0 times

...

Gabriele

4 months ago

I think having unique SSIDs for each branch, as mentioned in option B, could help with user tracking, but I wonder if it complicates things too much for users.

upvoted 0 times

...

Winfred

4 months ago

I remember studying about VPNs for secure connections, so option A sounds like a good practice, but I'm not entirely sure if it's necessary for every remote AP.

upvoted 0 times

...

Francisca

4 months ago

This question seems pretty straightforward to me. The answer is clearly C - using RADIUS services at the branch offices. That way, the authentication credentials don't have to traverse the internet, which is the most secure approach. I'm confident that's the right solution here.

upvoted 0 times

...

Kayleigh

4 months ago

Okay, I think I've got a handle on this. The key is to ensure the remote connections to the central controller are secure, since that's the potential vulnerability. I'd go with option A - an encrypted VPN between the remote APs and the controller. That way, the authentication traffic stays protected.

upvoted 0 times

...

Cassi

5 months ago

Hmm, this is a tricky one. I'm a little unsure about the best approach here. Should I be looking at VPNs, unique SSIDs, or RADIUS services? There are a few options presented, and I'll need to carefully consider the pros and cons of each.

upvoted 0 times

...

Sena

5 months ago

This seems like a pretty straightforward security question. I'd focus on the key details - the remote branch offices, the single WLAN controller, and the preference for 802.1X/EAP. Looks like I need to think about how to secure the connections between the remote sites and the central controller.

upvoted 0 times

...

Caprice

7 months ago

I think we should also consider option D to restrict remote management access for better security.

upvoted 0 times

...

Melissia

7 months ago

Haha, I wonder if they'll let me use the company VPN to stream some Netflix at home. Gotta test those security measures, right?

upvoted 0 times

...

Harrison

7 months ago

I agree, the VPN tunnel is critical to protect the data in transit. Definitely the best choice here.

upvoted 0 times

Reita

5 months ago

C) RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

upvoted 0 times

...

Marge

5 months ago

B) APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

upvoted 0 times

...

Peggy

6 months ago

A) An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

upvoted 0 times

...

Terrilyn

7 months ago

I believe option C is also important to ensure secure authentication without sending credentials over the Internet.

upvoted 0 times

...

Alaine

7 months ago

Option A is the way to go. Encrypted VPNs are essential for securing the remote branch offices.

upvoted 0 times

Rodrigo

6 months ago

B) APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

upvoted 0 times

...

Delisa

7 months ago

A) An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

upvoted 0 times

...

Dolores

8 months ago

I agree with Karan, using an encrypted VPN ensures data confidentiality and integrity.

upvoted 0 times

...

Karan

8 months ago

I think option A is the best practice for secure communication between the WLAN controller and remote APs.

upvoted 0 times

...