Exam CS0-002 topic 1 question 307 discussion

This question is about preventing non compliant devices from connecting to a network. NAC is literally designed for this purpose. It is shocking to me that people are saying A. EDR is mostly used for detecting malicious behavior happening on an endpoint, and while it is useful it won't be helping you ensure they have antivirus and up to date patches when connecting to your network, which is what the question is asking.

Network access control (NAC) solutions enable an organization to restrict unauthorized or non-compliant devices and users from accessing the corporate network. This helps to ensure that all devices connected to the corporate network are compliant with corporate security policies. In addition, continuously checking device compliance is a core requirement for any organization’s Zero Trust Security model. - CheckPoint

Malwarebytes reports: "Two of the top BYOD security tools include Endpoint Detection and Response (EDR) solutions and Managed Detection and Response (MDR) services."

After checking the book, and mainly Jason Dion Course - Module 44: NAC Configuration, NAC is the technical control we want. The Network Access Control Posture Assessment can include antivirus scans and OS patches as part of the health policy compliance needed to join the network.

Its BYOD so you would want to use NAC to verify antimalware was running before giving them network access. Not sure you could do EDR on a BYOD endpoint.

C. With the phrase "running some sort of protection against malicious software.." tells me that EDR is not the choice and NAC is the better solution. If we are saying EDR, then is that company providing the EDR solution? Just my thoughts.

A NAC will ensure that a device is patched and running an antimalware software. I bet for C as the right answer.

Defo A - EDR. Defender for Endpoint - I use it everyday. NAC is also good but EDR wins it.

With NAC you can enforce 802.1X EAP and other authentication requirements before connecting to the network.

Endpoint Detection and Response (EDR) is a security solution that is used to detect and respond to malicious activity on endpoints, such as laptops and mobile devices. While EDR can be an important component of a security strategy for BYOD devices, it is not the only solution that would be needed to meet the requirements stated by the Chief Information Officer and the Chief Information Security Officer. Other controls, such as Network Access Control (NAC) and Mobile Device Management (MDM), would also be needed to ensure that all devices are patched and protected against malicious software.

EDRs can not be installed on BYOD devices. NAC seems like the logical solution as it enforces policies, patches and configurations on BYOD devices

The security analyst should recommend Endpoint Detection and Response (EDR) as a technical control for the BYOD strategy. EDR provides visibility into the endpoints and allows security personnel to monitor, detect, and respond to threats on these devices in real-time. This will help ensure that all devices are running the latest security patches and have protection against malicious software, which will meet the requirements of the Chief Information Security Officer