nerdexam
(ISC)2

CISSP · Question #798

A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on th

The correct answer is D. Network Access Control (NAC). Network Access Control (NAC) is the optimal solution for enforcing BYOD security requirements by checking device health before granting network access.

Submitted by fatima_kr· Mar 5, 2026Communication and Network Security

Question

A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?

Options

  • AEndpoint Detection and Response
  • BNext-Generation Firewall
  • CIntrusion detection and prevention system (IDPS)
  • DNetwork Access Control (NAC)

How the community answered

(48 responses)
  • A
    6% (3)
  • B
    13% (6)
  • C
    2% (1)
  • D
    79% (38)

Why each option

Network Access Control (NAC) is the optimal solution for enforcing BYOD security requirements by checking device health before granting network access.

AEndpoint Detection and Response

Endpoint Detection and Response (EDR) primarily focuses on detecting and responding to threats on endpoints *after* they have gained network access, rather than enforcing pre-admission security posture checks.

BNext-Generation Firewall

A Next-Generation Firewall (NGFW) controls network traffic based on applications, users, and advanced threat intelligence, but it does not inherently check the health or compliance of individual endpoints before they connect.

CIntrusion detection and prevention system (IDPS)

An Intrusion Detection and Prevention System (IDPS) monitors network or system activities for malicious patterns and blocks detected threats, operating on network traffic rather than assessing endpoint security posture for initial network admission.

DNetwork Access Control (NAC)Correct

Network Access Control (NAC) systems are specifically designed to assess the security posture of devices attempting to connect to a network. NAC can verify if devices have up-to-date antivirus definitions and the latest OS patches, allowing only compliant devices to access the network or placing non-compliant devices in a remediation zone.

Concept tested: BYOD device posture assessment and network access control

Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top

Topics

#BYOD#Network Access Control#NAC#endpoint security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice