CISSP · Question #1098
An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better pr
The correct answer is B. Port security. NAC port security controls which devices can connect to network switch ports, directly preventing unauthorized internal access by binding MAC addresses to specific ports.
Question
An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
Options
- AApplication firewall
- BPort security
- CStrong passwords
- DTwo-factor authentication (2FA)
How the community answered
(54 responses)- A2% (1)
- B93% (50)
- C2% (1)
- D4% (2)
Why each option
NAC port security controls which devices can connect to network switch ports, directly preventing unauthorized internal access by binding MAC addresses to specific ports.
An application firewall filters traffic based on application-layer content and is primarily used to protect applications from attack, not to control which internal devices are permitted to connect to the network infrastructure.
Port security is a NAC capability implemented at the network switch level that restricts which devices can connect to a physical or logical port, typically by limiting or binding allowed MAC addresses. This directly addresses unauthorized internal access by preventing rogue or unrecognized devices from gaining network connectivity, even when someone has physical access to an internal network jack or switch port.
Strong passwords are an authentication hardening measure that protect account credentials but do not prevent an unauthorized device from physically connecting to an internal network port.
Two-factor authentication strengthens user identity verification during login but does not constitute a NAC capability that controls network port access for unauthorized internal devices.
Concept tested: NAC port security for internal network access control
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-1/configuration_guide/sec/b_171_sec_9300_cg/configuring_port_security.html
Topics
Community Discussion
No community discussion yet for this question.