how to prevent random WAP connecting to WLC?

I might be misunderstood by process of how WAP connects to WLC. I am trying to figure out how WLC authenticate a WAP. I understood WLC discovery and establishing CAPWAP tunnel part.
Lets say someone plugged in a WAP in one of walled ethernet ports in my office. That WAP does not belong to my company. Few questions.
Does that WAP get IP addresses using DHCP? i am assuming Yes.
Does that WAP shows on WLC?
Does that WAP gets latest configuration from WLC and starts broadcasting SSID?
How do i prevent such 'not-owned-by-my-company' WAP from connecting to WLC?