Exam CISSP topic 1 question 66 discussion

Actual exam question from ISC's CISSP
Question #: 66
Topic #: 1

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

  • A. Port security
  • B. Two-factor authentication (2FA)
  • C. Strong passwords
  • D. Application firewall
Suggested Answer: A

Comments

DERCHEF2009
Highly Voted 2 years, 5 months ago
Selected Answer: A
NAC = Port Security
upvoted 22 times
...
BDSec
Highly Voted 2 years, 5 months ago
“Internal access” is key here. Port security.
upvoted 9 times
cccispman
2 years, 1 month ago
You correctly identify 'internal access' as being key and I agree with you! But ... Port 22 is routinely open internally for legitimate access. 2FA is standard practice these days for securing access to network infrastructure.
upvoted 3 times
...
dev46
2 years, 5 months ago
Correct
upvoted 3 times
...
...
WZ1122
Most Recent 5 days, 17 hours ago
Selected Answer: A
I trust DeepSeek. The BEST Network Access Control (NAC) capability to protect the network from unauthorized internal access is: A. Port security. Explanation: Port security is a NAC feature that restricts access to a network by limiting which devices can connect to specific switch ports based on their MAC addresses. This prevents unauthorized devices from gaining access to the network internally, even if they are physically connected to the network. Two-factor authentication (2FA) and strong passwords are important for securing user accounts but do not directly address unauthorized internal access at the network level. Application firewalls are designed to protect applications from external threats and are not specifically focused on controlling internal network access. Port security is the most effective NAC capability for mitigating risks from unauthorized internal access.
upvoted 1 times
...
easyp
3 weeks, 3 days ago
Selected Answer: B
The best option for securing internal network access is: B. Two-factor authentication (2FA). While 2FA is typically seen as a defense for external access, it can also be crucial for internal access. In environments where insiders are given access to the network, 2FA ensures that even if an insider’s credentials are compromised (for instance, if someone gains access to a user's password), the second factor (like a time-based code or biometric scan) is required to access the system. This significantly reduces the risk of unauthorized internal access.
upvoted 2 times
...
easyp
3 weeks, 5 days ago
Selected Answer: B
The correct answer is: B. Two-factor authentication (2FA). Explanation: Two-factor authentication (2FA) provides an additional layer of security beyond just relying on passwords or credentials. By requiring two separate factors (something the user knows, like a password, and something the user has, like a token or mobile device), 2FA significantly increases protection against unauthorized access, even if an attacker has compromised a user's password. Internal access control is a major focus here, and 2FA is especially effective in mitigating the risk of unauthorized access by internal users, as it strengthens the authentication process and ensures that access is granted only when both factors are verified.
upvoted 1 times
...
somsom
4 months ago
Always check the protocol involved; it will help.
upvoted 1 times
...
somsom
4 months ago
It reads NAC, so the answer is port security. Two-factor is part of cloud security.
upvoted 1 times
...
deeden
6 months, 3 weeks ago
Selected Answer: B
In this context, I think Port security is a network security feature that restricts access to a network port by limiting the number of MAC addresses allowed on a specific port. It's a layer-2 security mechanism that helps prevent unauthorized devices from accessing the network. This focuses more on unauthorized external access. Unauthorized internal access would more likely be coming from insider threats, e.g., a disgruntled employee, a social engineering attack, contractors, etc.
upvoted 1 times
...
Rachy
7 months, 1 week ago
Selected Answer: B
To increase the vote and not confuse people, I will go for B anytime, any day. Port security is for external access control.
upvoted 1 times
...
Ramye
9 months, 1 week ago
The objective of this question is “protecting the network from unauthorized internal access”, and to satisfy this requirement it is most likely 2FA (MFA). 2FA/MFA will be used for authentication/authorization, hence the answer is: B
upvoted 1 times
...
MP26
10 months, 1 week ago
MFA is not a capability of a NAC. So it should be A.
upvoted 2 times
...
marziparzi
10 months, 2 weeks ago
This says "An organization has implemented a protection strategy to secure the network from unauthorized external access." If it didn't say that I would have leaned to 2FA. But 2FA is relevant for both external and internal. We need to find something that's exclusive to internal. That's why I think it's Port security
upvoted 1 times
...
Hongjun
11 months, 3 weeks ago
Selected Answer: B
The key word: increase. The question told us that a control has already been implemented. Now they want to increase. B is an increase, which is from 1 to 2; A, C and D are all basic controls, which is from 0 to 1.
upvoted 2 times
...
IntheZone
1 year, 1 month ago
Selected Answer: B
While Port security is good, 2FA is better as there are two steps to bypass. Also for port security, MAC spoofing is a thing which makes me doubt this could be the right answer
upvoted 1 times
...
AMANSUNAR
1 year, 3 months ago
Selected Answer: A
Port security is a Network Access Control (NAC) feature that controls access to a network by limiting the number of devices that can be connected to a switch port. It helps prevent unauthorized devices from gaining access to the internal network by ensuring that only authorized devices are allowed to connect to specific network ports.
upvoted 1 times
...
InclusiveSTEAM
1 year, 4 months ago
Correction: The answer is B. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
InclusiveSTEAM
1 year, 4 months ago
The answer is A. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other