Final answer:
To best reduce the risk of a credentialed bypass attack on a core router, it is advisable to allow access to the router management interface only through an out-of-band channel which separates management from regular network traffic.
Step-by-step explanation:
To best reduce the risk of a credentialed bypass leading to unauthorized control of network traffic through the manipulation of a core router, it is recommended to implement multiple security measures. However, the most direct method to prevent this type of attack would be:
Option D: Allow access to the core router management interface only through an out-of-band channel.
This solution creates a separate, dedicated management channel that is not accessible through the same network paths as general user traffic. Consequently, even if an unauthorized user were to gain access to the WiFi network, they would still be unable to reach the management interface of the core router without access to the out-of-band channel. This makes it significantly more difficult to execute a credentialed bypass attack.
While implementing a strong password policy (Option A) can mitigate against unauthorized access, it does not directly prevent the routing manipulation if an attacker gains the correct credentials. Deploying 802.1X as a Network Access Control (NAC) system (Option B) would strengthen WiFi security, but it also does not directly prevent access to the routing infrastructure. Adding port security settings (Option C) enhances physical network security but does not address the specific routing issue raised in the question.