An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use
this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared
key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into
compliance with the 802.1x requirement. Which of the following provides the MOST secure method of
integrating the non-compliant clients into the network?

A.
Create a separate SSID and require the use of dynamic encryption keys.

B.
Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random
intervals.

C.
Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required
communication paths.

D.
Create a separate SSID and require the legacy clients to connect to the wireless network using certificatebased 802.1x.