The security option for 802.11 networks that supports SAE and requires protected management frames isWPA3. WPA3 stands for Wi-Fi Protected Access version 3 and is the latest security standard for WLANs. WPA3 supports two modes: WPA3-Personal and WPA3-Enterprise. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) as the key exchange protocol, which provides stronger protection against offline dictionary attacks and password guessing than WPA2-Personal. WPA3 also requires protected management frames, which are encrypted frames that prevent spoofing, replay, or denial-of-service attacks on management frames such as deauthentication or disassociation frames. WPA, WPA2, and OWE do not support SAE or require protected management frames.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 307; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 297.

The guard interval is a short period of time inserted between the symbols of an OFDM signal to prevent inter-symbol interference and improve the robustness of the transmission1. The guard interval can have different values depending on the 802.11 standard and the configuration of the device.For example, 802.11n supports two guard intervals: 800 ns (normal) and 400 ns (short)2.802.11ac supports the same guard intervals as 802.11n, plus an optional 200 ns guard interval for 80 MHz and 160 MHz channels3.802.11ax supports three guard intervals: 800 ns, 1600 ns, and 3200 ns4.

The guard interval affects the data rate because it determines the duration of each symbol. A shorter guard interval means more symbols can be transmitted in a given time, resulting in a higher data rate. However, a shorter guard interval also means less protection against inter-symbol interference, which may degrade the signal quality and increase the error rate. Therefore, there is a trade-off between data rate and reliability when choosing the guard interval.

The MCS tables for HT and VHT PHY devices show the data rates for different combinations of modulation, coding, channel width, spatial streams, and guard intervals.For example, for a VHT device using MCS 9 with QAM-256 modulation, 5/6 coding rate, 80 MHz channel width, and one spatial stream, the data rate is 433.3 Mbps with a normal guard interval (800 ns) and 486.7 Mbps with a short guard interval (400 ns)2. Therefore, the guard interval impacts the data rate according to the MCS tables.

A VoIP phone is least likely to be a POE PSE of the devices listed. POE stands for Power over Ethernet, which is a technology that allows devices to receive both power and data over a single Ethernet cable. A POE PSE stands for Power Sourcing Equipment, which is a device that provides power to other devices over Ethernet. A POE PD stands for Powered Device, which is a device that receives power from a PSE over Ethernet. A midspan multi-port injector, a switch, and a midspan injector are examples of POE PSEs, as they can supply power to multiple devices over Ethernet cables. A VoIP phone is an example of a POE PD, as it can receive power from a PSE over an Ethernet cable.However, some VoIP phones can also act as POE PSEs for other devices, such as IP cameras or wireless access points, but this is not very common.Reference:CWNA-109 Study Guide, Chapter 8: Wireless LAN Access Points, page 2411

The client STA can useBeacon frames transmitted by the APto verify that an AP supports the same data rates that it supports. Beacon frames are management frames that are periodically broadcasted by the APs to announce their presence, capabilities, and parameters. One of the information elements contained in the Beacon frames is the Supported Rates or Extended Supported Rates, which lists the data rates that the AP can use for communication. The client STA can compare its own data rates with those advertised by the AP to determine if they are compatible. Data frames, authentication frames, and probe request frames do not contain information about data rates.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 133; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 123.

Authenticated and Unassociated.According to one of the web search results1, a STA can be authenticated to multiple APs, but it can only be associated to one AP at a time.Association is the process of establishing a logical link between the STA and the AP, which allows the STA to send and receive data frames through the AP2. Therefore, when a STA has authenticated to an AP-1, but still maintains a connection with another AP-2, it means that the STA is authenticated to both APs, but only associated to AP-2. The state of the STA on AP-1 is authenticated and unassociated, which means that the STA can switch to AP-1 without repeating the authentication process, but it cannot send or receive data frames through AP-1 until it becomes associated.