CISSP · Question #798
A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on th
The correct answer is D. Network Access Control (NAC). Network Access Control (NAC) is the optimal solution for enforcing BYOD security requirements by checking device health before granting network access.
Question
A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?
Options
- AEndpoint Detection and Response
- BNext-Generation Firewall
- CIntrusion detection and prevention system (IDPS)
- DNetwork Access Control (NAC)
How the community answered
(48 responses)- A6% (3)
- B13% (6)
- C2% (1)
- D79% (38)
Why each option
Network Access Control (NAC) is the optimal solution for enforcing BYOD security requirements by checking device health before granting network access.
Endpoint Detection and Response (EDR) primarily focuses on detecting and responding to threats on endpoints *after* they have gained network access, rather than enforcing pre-admission security posture checks.
A Next-Generation Firewall (NGFW) controls network traffic based on applications, users, and advanced threat intelligence, but it does not inherently check the health or compliance of individual endpoints before they connect.
An Intrusion Detection and Prevention System (IDPS) monitors network or system activities for malicious patterns and blocks detected threats, operating on network traffic rather than assessing endpoint security posture for initial network admission.
Network Access Control (NAC) systems are specifically designed to assess the security posture of devices attempting to connect to a network. NAC can verify if devices have up-to-date antivirus definitions and the latest OS patches, allowing only compliant devices to access the network or placing non-compliant devices in a remediation zone.
Concept tested: BYOD device posture assessment and network access control
Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top
Topics
Community Discussion
No community discussion yet for this question.