nerdexam
(ISC)2

CISSP · Question #1098

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better pr

The correct answer is B. Port security. NAC port security controls which devices can connect to network switch ports, directly preventing unauthorized internal access by binding MAC addresses to specific ports.

Submitted by certguy· Mar 5, 2026Communication and Network Security

Question

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

Options

  • AApplication firewall
  • BPort security
  • CStrong passwords
  • DTwo-factor authentication (2FA)

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    93% (50)
  • C
    2% (1)
  • D
    4% (2)

Why each option

NAC port security controls which devices can connect to network switch ports, directly preventing unauthorized internal access by binding MAC addresses to specific ports.

AApplication firewall

An application firewall filters traffic based on application-layer content and is primarily used to protect applications from attack, not to control which internal devices are permitted to connect to the network infrastructure.

BPort securityCorrect

Port security is a NAC capability implemented at the network switch level that restricts which devices can connect to a physical or logical port, typically by limiting or binding allowed MAC addresses. This directly addresses unauthorized internal access by preventing rogue or unrecognized devices from gaining network connectivity, even when someone has physical access to an internal network jack or switch port.

CStrong passwords

Strong passwords are an authentication hardening measure that protect account credentials but do not prevent an unauthorized device from physically connecting to an internal network port.

DTwo-factor authentication (2FA)

Two-factor authentication strengthens user identity verification during login but does not constitute a NAC capability that controls network port access for unauthorized internal devices.

Concept tested: NAC port security for internal network access control

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-1/configuration_guide/sec/b_171_sec_9300_cg/configuring_port_security.html

Topics

#NAC#port security#internal network security#access control

Community Discussion

No community discussion yet for this question.

Full CISSP Practice