Answer A,D is correct: A. Enable the MAC Filtering option; D. Enable the WPA2 Policy option. Cisco wireless design separates RF behavior, client authentication, encryption, AP operating mode, and controller management. A WLC centralizes WLAN configuration and AP control, while lightweight APs use CAPWAP to register and exchange control/data information with the controller. Security choices such as WPA2/AES and WPA3/SAE are not interchangeable with older mechanisms such as WEP, TKIP, or RC4. RF questions also depend on channel planning: adjacent cells should avoid overlapping channels, and 5-GHz preference features reduce congestion in the 2.4-GHz band. The incorrect options generally confuse AP mode, authentication, encryption, or controller responsibilities. Cisco CCNA 200-301 v1.1 includes these items because wireless failures often come from using the right-looking feature in the wrong part of the WLAN design. The selected answer is the Cisco-consistent configuration or behavior for this wireless scenario.