Cisco
400-007 · Question #210
400-007 Question #210: Real Exam Question with Answer & Explanation
The correct answer is A: posture assessment with remediation VLAN. Enforcing AV definition compliance in a NAC system requires posture assessment to evaluate the device health and a remediation VLAN to allow the non-compliant device to reach update servers before regaining full access.
Question
An architect receives a functional requirement for a NAC system from a customer security policy stating that if a corporate Wi-Fi device does not meet current AV definitions, then it cannot access the corporate network until the definitions are updated. Which component should be built into the NAC design?
Options
- A. posture assessment with remediation VLAN
- B. quarantine SGTs
- C. dACLs with SGTs
- D. quarantine VLAN
Explanation
Enforcing AV definition compliance in a NAC system requires posture assessment to evaluate the device health and a remediation VLAN to allow the non-compliant device to reach update servers before regaining full access.
Common mistakes.
- B. Quarantine SGTs enforce TrustSec-based segmentation but do not provide a posture evaluation mechanism or a path for the device to perform AV definition updates.
- C. dACLs with SGTs apply per-session downloadable access control lists but address enforcement, not the posture check and remediation workflow described.
- D. A quarantine VLAN alone isolates the non-compliant device but lacks the posture assessment component needed to actually evaluate AV definition status and drive the remediation process.
Concept tested. NAC posture assessment with remediation VLAN design