Given:
ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around
the United States. 802.1X/EAP is ABC’s preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single
WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.
What security best practices should be followed in this deployment scenario?

A.
An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to
HQ.

B.
APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

C.
RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

D.
Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.