CompTIA

CAS-002 Question #123: Real Exam Question with Answer & Explanation

The correct answer is A: Implement a network access control (NAC) solution that assesses the posture of the laptop. Network Access Control (NAC) is the best control because it automatically evaluates the security posture of a reconnecting laptop before granting access to the corporate LAN.

Question

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

Options

  • A. Implement a network access control (NAC) solution that assesses the posture of the laptop.
  • B. Use an independent consulting firm to provide regular network vulnerability assessments.
  • C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
  • D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Explanation

Network Access Control (NAC) is the best control because it automatically evaluates the security posture of a reconnecting laptop before granting access to the corporate LAN.

Common mistakes.

  • B. Periodic vulnerability assessments identify weaknesses at a point in time but do not provide real-time enforcement when a potentially compromised laptop reconnects to the corporate network.
  • C. Providing a separate laptop reduces exposure risk but is operationally expensive and does not technically prevent a contaminated device from eventually reconnecting to internal systems.
  • D. Updating the acceptable use policy changes expected behavior on paper but provides no technical enforcement and cannot prevent a compromised laptop from introducing malware onto the network.

Concept tested. Network Access Control for endpoint posture enforcement

Reference. https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/final
