Exam CISSP topic 1 question 66 discussion

Actual exam question from ISC's CISSP
Question #: 66
Topic #: 1

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

  • A. Port security
  • B. Two-factor authentication (2FA)
  • C. Strong passwords
  • D. Application firewall
Suggested Answer: B 🗳️

Comments

DERCHEF2009
Highly Voted 1 year, 6 months ago
Selected Answer: A
NAC = Port Security
upvoted 20 times
...
BDSec
Highly Voted 1 year, 6 months ago
“Internal access” is key here. Port security.
upvoted 9 times
cccispman
1 year, 2 months ago
You correctly identify 'internal access' as being key and I agree with you! But ... Port 22 is routinely open internally for legitimate access. 2FA is standard practice these days for securing access to network infrastructure.
upvoted 2 times
...
dev46
1 year, 6 months ago
Correct
upvoted 3 times
...
...
Hongjun
Most Recent 3 weeks, 4 days ago
Selected Answer: B
The key word is "increase". The question told us that a control has already been implemented. Now they want to increase it. B is an increase, which is from 1 to 2; A, C and D are all basic controls, which is from 0 to 1.
upvoted 2 times
...
IntheZone
2 months, 1 week ago
Selected Answer: B
While port security is good, 2FA is better as there are two steps to bypass. Also, for port security, MAC spoofing is a thing, which makes me doubt this could be the right answer.
upvoted 1 times
...
AMANSUNAR
4 months, 1 week ago
Selected Answer: A
Port security is a Network Access Control (NAC) feature that controls access to a network by limiting the number of devices that can be connected to a switch port. It helps prevent unauthorized devices from gaining access to the internal network by ensuring that only authorized devices are allowed to connect to specific network ports.
upvoted 1 times
...
InclusiveSTEAM
5 months, 2 weeks ago
Correction: The answer is B. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
InclusiveSTEAM
5 months, 2 weeks ago
The answer is A. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.
upvoted 1 times
...
Moose01
5 months, 4 weeks ago
Hints: port security is so the NAC can authenticate the devices; MFA is for the user to authenticate.
upvoted 1 times
...
Sledge_Hammer
6 months, 2 weeks ago
B. Two-factor authentication (2FA) is the correct answer
upvoted 1 times
...
Bach1968
8 months, 3 weeks ago
Selected Answer: B
Option B (Two-factor authentication) can indeed be an effective Network Access Control (NAC) capability to better protect the network from unauthorized internal access. Two-factor authentication adds an extra layer of security by requiring users to provide two different types of authentication factors, such as a password and a unique code sent to their mobile device, before gaining access to the network. By implementing two-factor authentication, even if an unauthorized individual gains access to a user's credentials (e.g., username and password), they would still need the second factor (e.g., the code sent to the user's mobile device) to successfully authenticate and gain access to the network. This helps mitigate the risk of unauthorized internal access, even if internal credentials are compromised. Therefore, both options A (Port security) and B (Two-factor authentication) can be valid choices to increase security and protect the network from unauthorized internal access. The choice between the two would depend on the specific requirements and context of the organization's network environment.
upvoted 3 times
...
samir45
9 months, 3 weeks ago
Network access can also be wireless, thus port security is not correct. Two-factor authentication (2FA) is a better choice.
upvoted 3 times
...
crazywai1221
11 months, 2 weeks ago
Selected Answer: B
2FA provides the best security to the company.
upvoted 2 times
jackdryan
10 months, 3 weeks ago
B is correct
upvoted 2 times
...
...
Pamela11
1 year ago
The question is about "Which Network Access Control (NAC) capability", so A should be the correct answer.
upvoted 1 times
...
Kenny_123
1 year, 1 month ago
Selected Answer: B
most secure way
upvoted 1 times
...
Dee83
1 year, 2 months ago
B. Two-factor authentication (2FA). Two-factor authentication (2FA) provides an additional layer of security by requiring users to provide two forms of identification before gaining access to a network. This can include something the user knows (e.g. a password), something the user has (e.g. a security token or smart card), or something the user is (e.g. biometric data). By requiring two forms of identification, 2FA makes it much more difficult for unauthorized users, including those who have obtained valid login credentials, to gain access to the network. This will better protect the network from unauthorized internal access, which is the objective stated by the CISO.
upvoted 2 times
...
Delab202
1 year, 2 months ago
Selected Answer: A
A more formal method of switch port security is 802.1x. This is port-based network access control. You may see it referred to as PNAC, or simply NAC. With NAC, you can still allow all of your interfaces to be enabled, but you don’t gain access to the network unless you provide the correct authentication.
upvoted 3 times
...
cccispman
1 year, 2 months ago
Let's get something straight here: 2FA is routinely used these days for internal and external access. The inclusion of NAC in this question is making me think more now about port security :-/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted