Exam CISSP topic 1 question 84 discussion

A. Network Access Control (NAC) Here’s why NAC is the best choice: Network Access Control (NAC): NAC solutions provide a comprehensive approach to managing and enforcing security policies for devices attempting to access network resources. They can perform health checks on devices to ensure compliance with security policies (e.g., antivirus presence, up-to-date patches) before granting network access. This makes NAC highly effective for verifying compliance of endpoint devices used by remote users. NAC provides a holistic approach by integrating various checks and balances to ensure all endpoint devices meet the required security policies before accessing the network, making it the most effective solution for this purpose.

Correct answer is NAC. How i know it? I Managed a NAC tool for 3 plus years. They are used to verify the posture of an endpoint before allowing them full network access. If they don't meet the requirement the device is isolated to a limited network state.

MDM. With MDM you can ensure the device is in a good posture before being allowed on the network. Answer is D.

I prefer D. Keywords- complain company approved policy. It does mentions what policies. NAC is just policy of access. But MDM includes policies for access, how data was encrypted, what software you can used, which website you can't browse etc. So I chose D.

Answer A) Key phrase in question is "on network" NAC can stop devices at Network level (virtual or otherwise). MDM does apply to mobile devices like laptops, but cell phones are not usually connecting directly to a Network. Also, MDM stops mobile devices even before connecting to a network if they don't meet minimum policy requirements like phone OS version is older than the accepted version.

A. Network Access Control (NAC)

Mobile Device Management (MDM) solutions are designed to manage and enforce policies on mobile devices, including remote users' endpoint devices. MDM allows organizations to ensure compliance with security policies, enforce configuration settings, and remotely manage devices, making it a powerful tool for securing remote endpoints.

The MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network is by using A. Network Access Control (NAC) Network Access Control (NAC) solutions provide organizations with the ability to authenticate and validate the compliance of devices before granting them access to the network. NAC solutions typically perform checks on various aspects of the device, such as its operating system, antivirus software, patches, and configuration settings, to ensure they meet the organization's security policies. By implementing NAC, organizations can enforce policies and control access based on the compliance status of the endpoint devices. Devices that do not meet the required security standards can be prevented from accessing the network or placed in a restricted network segment until they are brought into compliance.

D. Mobile Device Management (MDM) is the right choice.

For sure it is D, the question is asking effective way to ensure the endpoint devices are compliant to company rules. NAC is only for remote user authentication; but for device that is used by users, shall be MDM. Quoted from OSG9: Administrators register employee devices with a mobile device management (MDM) system. Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The MDM system monitors and manages mobile devices and ensures that they are kept up-to-date. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting.

A, remote user need to meet the NAC requirement to connect

Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.

Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.

Before allowing you to connect - who the heck are you? = NAC

A is correct