CISSP · Question #1449
CISSP Question #1449: Real Exam Question with Answer & Explanation
The correct answer is B: Network Access Control (NAC). Network Access Control (NAC) is designed specifically to evaluate endpoint compliance against policy before granting network access, making it the most effective pre-admission control mechanism for remote devices.
Question
Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?
Options
- AGroup Policy Object (GPO)
- BNetwork Access Control (NAC)
- CMobile Device Management (MDM)
- DPrivileged Access Management (PAM)
Explanation
Network Access Control (NAC) is designed specifically to evaluate endpoint compliance against policy before granting network access, making it the most effective pre-admission control mechanism for remote devices.
Common mistakes.
- A. GPOs apply configuration and policy settings to devices already joined to an Active Directory domain, but they cannot evaluate or block non-compliant remote endpoints at the point of network entry.
- C. MDM manages and enforces policies on enrolled mobile and endpoint devices, but it does not provide a network-level gate that blocks non-compliant devices before they connect to the network.
- D. PAM controls and monitors privileged account access and credentials, which addresses insider and administrative account risk rather than endpoint compliance at the time of network admission.
Concept tested. Network Access Control endpoint posture compliance enforcement
Reference. https://www.cisco.com/c/en/us/products/security/what-is-network-access-control-nac.html
Topics
Community Discussion
No community discussion yet for this question.