Which of the following would prevent unknown clients from connecting to your AP?

The correct choice involves unchecking "Default Authenticate" in the wireless card configuration and explicitly adding each known client's MAC address to the connect-list configuration. By disabling the "Default Authenticate" option, the access point no longer automatically allows connections from devices not specified in the access list. This step is essential because, without it, any device could potentially connect to the AP if it has the correct credentials or is within range.

The addition of each known client's MAC address to the connect-list further enhances security. This configuration ensures that only those devices listed are permitted to join the network, actively rejecting any unknown clients attempting to connect. This method is crucial for maintaining a controlled and secure wireless environment, making the network less vulnerable to unauthorized access.

In contrast, other options may not provide sufficient security for various reasons. Simply adding MAC addresses without adjusting the authentication settings could lead to unintended access by unauthorized clients. The use of a radius server is more suited for an enterprise setup requiring centralized authentication, which may be overkill for typical home or small office networks. Therefore, the combination of disabling default authentication and managing the connect-list effectively ensures robust protection against unknown clients.