The verified answer is A. WPA2 with AES is the strongest encryption combination in the listed options. AES/CCMP replaced older WEP, RC4, and TKIP-based approaches and is the expected secure WPA2 cipher choice. Cisco CCNA 200-301 v1.1 places this skill in Security Fundamentals, where the exam expects a working understanding of how the feature behaves on real Cisco networks, not just a memorized command. WEP and TKIP are deprecated, and WPA with AES is not the preferred WPA2 security combination. In production, this distinction matters because a misapplied command or design choice usually creates an outage, a security gap, or unnecessary troubleshooting noise. The correct choice matches the control-plane, data-plane, wireless, security, or services behaviour described in the scenario and should be preferred over options that merely sound related.