Exam CISSP topic 1 question 66 discussion

Actual exam question from ISC's CISSP
Question #: 66
Topic #: 1

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

  • A. Port security
  • B. Two-factor authentication (2FA)
  • C. Strong passwords
  • D. Application firewall
Suggested Answer: A

Comments

DERCHEF2009
Highly Voted 2 years, 2 months ago
Selected Answer: A
NAC = Port Security
upvoted 22 times
...
BDSec
Highly Voted 2 years, 2 months ago
“Internal access” is key here. Port security.
upvoted 9 times
cccispman
1 year, 10 months ago
You correctly identify 'internal access' as being key and I agree with you! But ... Port 22 is routinely open internally for legitimate access. 2FA is standard practice these days for securing access to network infrastructure.
upvoted 2 times
...
dev46
2 years, 2 months ago
Correct
upvoted 3 times
...
...
somsom
Most Recent 1 month ago
Always check the protocol involved; it will help.
upvoted 1 times
...
somsom
1 month ago
It reads NAC; the answer is port security. Two factor is part of cloud security.
upvoted 1 times
...
deeden
3 months, 2 weeks ago
Selected Answer: B
In this context, I think Port security is a network security feature that restricts access to a network port by limiting the number of MAC addresses allowed on a specific port. It's a layer-2 security mechanism that helps prevent unauthorized devices from accessing the network. This focuses more on unauthorized external access. Unauthorized internal access would more likely come from insider threats, e.g., a disgruntled employee, a social engineering attack, contractors, etc.
upvoted 1 times
...
Rachy
4 months, 1 week ago
Selected Answer: B
To increase the vote and not confuse people, I will go for B anytime any day. Port security is for external access control.
upvoted 1 times
...
Ramye
6 months, 1 week ago
The objective of this question is “protecting the network from unauthorized internal access”, and to satisfy this requirement it is most likely 2FA (MFA). 2FA/MFA will be used for authentication/authorization, hence the answer is B.
upvoted 1 times
...
MP26
7 months, 1 week ago
MFA is not a capability of a NAC. So it should be A.
upvoted 1 times
...
marziparzi
7 months, 2 weeks ago
This says "An organization has implemented a protection strategy to secure the network from unauthorized external access." If it didn't say that I would have leaned to 2FA. But 2FA is relevant for both external and internal. We need to find something that's exclusive to internal. That's why I think it's Port security
upvoted 1 times
...
Hongjun
8 months, 3 weeks ago
Selected Answer: B
The key word is "increase". The question told us that a control has already been implemented. Now they want to increase it. B is an increase, which is from 1 to 2; A, C and D are all basic controls, which are from 0 to 1.
upvoted 2 times
...
IntheZone
10 months, 1 week ago
Selected Answer: B
While Port security is good, 2FA is better as there are two steps to bypass. Also, for port security, MAC spoofing is a thing, which makes me doubt this could be the right answer.
upvoted 1 times
...
AMANSUNAR
1 year ago
Selected Answer: A
Port security is a Network Access Control (NAC) feature that controls access to a network by limiting the number of devices that can be connected to a switch port. It helps prevent unauthorized devices from gaining access to the internal network by ensuring that only authorized devices are allowed to connect to specific network ports.
upvoted 1 times
...
InclusiveSTEAM
1 year, 1 month ago
Correction: The answer is B. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
InclusiveSTEAM
1 year, 1 month ago
The answer is A. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
Moose01
1 year, 1 month ago
Hints: port security is so the NAC can authenticate the devices; MFA is for the user to authenticate.
upvoted 1 times
...
Sledge_Hammer
1 year, 2 months ago
B. Two-factor authentication (2FA) is the correct answer.
upvoted 1 times
...
Bach1968
1 year, 4 months ago
Selected Answer: B
Option B (Two-factor authentication) can indeed be an effective Network Access Control (NAC) capability to better protect the network from unauthorized internal access. Two-factor authentication adds an extra layer of security by requiring users to provide two different types of authentication factors, such as a password and a unique code sent to their mobile device, before gaining access to the network. By implementing two-factor authentication, even if an unauthorized individual gains access to a user's credentials (e.g., username and password), they would still need the second factor (e.g., the code sent to the user's mobile device) to successfully authenticate and gain access to the network. This helps mitigate the risk of unauthorized internal access, even if internal credentials are compromised. Therefore, both options A (Port security) and B (Two-factor authentication) can be valid choices to increase security and protect the network from unauthorized internal access. The choice between the two would depend on the specific requirements and context of the organization's network environment.
upvoted 3 times
...
Community vote distribution
A (35%), C (25%), B (20%), Other