It is D Taken from this Cisco document: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html "authentication down, local switching—In this state, the WLAN rejects any new clients trying to authenticate, but it continues sending beacon and probe responses to keep existing clients alive. This state is valid only in standalone mode."

Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.

The Main Point is the network to continue working and it can't continue working in the authentication down/witch localy Authentication Down—Local Switching: This state occurs as a result of the AP going into standalone mode. A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session timeout (if configured). The WLAN continues to beacon and respond to probes until there are no more (existing) users associated to the WLAN. for the network to continue even after it has lost connection to the WLC it must be in Authentication Central: Switch Locally

D https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.pdf Figure 7-4

I vote D. The reason for this is because the question asks which state allows this scenario "after the connection to the WLC has been lost". While some people say B is correct because that's the configuration mode you need to be in for it to work, the question asks for the state AFTER the connection has already been lost, so that's how I interpreted the question.

D is correct

Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.

D. Authentication-Down/Switch-Local Cisco FlexConnect allows remote sites to locally switch traffic without having to traverse the WAN back to the central controller. In the context of FlexConnect, the "Authentication Down" state refers to the situation where the connection between the access point (AP) and the central Wireless LAN Controller (WLC) is lost. In this state, the AP can still provide basic wireless services to the clients that are already authenticated, even if it cannot communicate with the central controller. The "Switch-Local" mode means that the AP will locally switch user traffic without sending it back to the central controller. This allows wireless users that are connected to the network to continue working even after the connection to the WLC has been lost, as long as their authentication state is maintained. So, the correct answer is: D. Authentication-Down/Switch-Local