The correct action is to expose only encrypted management services: HTTPS for WebUI administration and SSH for remote CLI administration. The exhibit confirms the WLC wireless management interface is VLAN 10 with IP address 10.10.1.2, but interface placement alone does not enforce secure management protocol policy. Cisco Catalyst 9800 documentation identifies web admin settings as controller management configuration that determines administrator access, protocols, and interfaces for remote management. Cisco further states that administrators can connect securely over HTTPS, while HTTP “is not a secure connection,” and that HTTPS encrypts data to and from the server.

For CLI access, Cisco’s Catalyst 9800 Secure Shell guidance states that SSH enables secure remote access, and usingtransport input sshprevents non-SSH Telnet connections, limiting the device to SSH-only access. Therefore, options A and B violate policy because they permit Telnet and/or HTTP. Option C fails because console access is local, not remote, and disabling only HTTP still leaves Telnet exposure unresolved. Reference topics:Wireless Monitoring and Management — WLC management access, secure administration, HTTPS, SSH, and management-plane hardening.