nerdexam
CompTIA

SY0-301 · Question #750

A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?

The correct answer is C. NAC. Network Access Control (NAC) enforces endpoint health policies by placing non-compliant devices into a restricted or quarantine VLAN until they meet defined requirements such as current antivirus definitions.

Security architecture

Question

A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?

Options

  • ANAT
  • BNIPS
  • CNAC
  • DDMZ

How the community answered

(18 responses)
  • C
    94% (17)
  • D
    6% (1)

Why each option

Network Access Control (NAC) enforces endpoint health policies by placing non-compliant devices into a restricted or quarantine VLAN until they meet defined requirements such as current antivirus definitions.

ANAT

NAT (Network Address Translation) translates private IP addresses to public ones for routing purposes and has no role in endpoint health assessment or VLAN assignment.

BNIPS

NIPS (Network Intrusion Prevention System) monitors and blocks malicious network traffic in real time but does not assess endpoint compliance or manage VLAN placement.

CNACCorrect

NAC evaluates endpoint compliance - including patch level, antivirus signature currency, and firewall status - before granting full network access. Non-compliant devices are automatically assigned to a restricted VLAN where they can only reach remediation resources until they meet policy requirements, which exactly describes the scenario.

DDMZ

A DMZ is a network segment that separates public-facing servers from the internal network and is not a dynamic compliance enforcement mechanism.

Concept tested: Network Access Control endpoint compliance and quarantine VLAN

Source: https://learn.microsoft.com/en-us/mem/intune/protect/network-access-control-integrate

Topics

#NAC#VLAN#endpoint compliance#network access control

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice