In an environment with IP cameras and headless scanners that do not support 802.1X, how can MPSK help secure these devices?

• A. Use MPSK Local to automatically provides unique pre-shared Keys for devices
• B. Aruba ClearPass performs the 802.1X authentication and installs a certificate
• C. MPSK provides for each device in the WLAN to have its own unique pre-shared key
• D. MPSK Local will allow the cameras to share a rey and the scanners to share a different

Answer: (C)

When devices can’t use 802.1X, you still want to control who can connect and limit the impact if a device is compromised. MPSK solves this by giving every device its own unique pre-shared key. That means each IP camera or headless scanner authenticates with a secret that no other device uses, so there’s no blanket access shared across all devices. You can map each key to its device and apply device-specific policies; if a device is removed or its key is compromised, you revoke just that one key without touching others. This per-device credential approach is precisely what makes MPSK effective for securing devices that don’t support 802.1X.

The other options describe approaches that don’t fit the scenario: relying on certificate-based 802.1X or a controller performing EAP with certificates isn’t applicable to devices that can’t support 802.1X, and using the same key for multiple devices undermines the security benefit of per-device isolation.