Free PBQ Demo · Advanced

Topology · Wireless Hardening

Lock down a corporate WiFi — pick WPA3 + 802.1X, wire RADIUS, set rogue-AP detection, and harden the controller.

Tests: Wireless security, 802.1X / EAP, RADIUS, rogue-AP defence — Security+ Domain 3 Architecture.

~8 minNo signup needed

Scenario

A pen-test report flagged your guest WiFi as WPA2-PSK with the password on a sticky note. You are rebuilding to WPA3-Enterprise.

Configure the WLAN controller, both access points, the RADIUS server, and the rogue-AP detection so the WiFi survives the audit.

Network Topology — Live View

monitoring
AAAWLAN Controllerwlc-core-01AP-NORTH5GHz · ch 36AP-SOUTH5GHz · ch 149RADIUSauth + accountingBYOD Clientemployee laptopRogue APunknown vendor
InfectedAlertConfiguredclick any hostto configure

WLAN Controller

wlc-core-01

SSID Security

Encryption:
EAP method:

Tasks

  • Configure WPA3-Enterprise + EAP-TLS on the WLAN controller.
  • Enable PMF + medium TX power on both APs.
  • Wire RADIUS — accounting on, legacy EAP rejected, secret rotates 90d.
  • Provision a device cert on the BYOD client for EAP-TLS.

0 settings configured

Liked this PBQ? There are 80+ more inside.

Sign up free to take full timed exams with mixed MCQs and all 6 PBQ types — across 10 CompTIA and Cisco certifications.