I think both B and C have some good qualities, but I ma going with B.
NAC validates that the posture or state of endpoint devices complies with security policies before the devices can access protected areas of the network. For devices that comply with the security policies, NAC allows access to protected services in the network. For devices that do not comply with security policies, NAC allows access to the network only for remediation, when the posture of the device is checked again.
Network Admission Control (NAC) is a security solution that enforces policies for endpoint devices as they attempt to access a network. The primary benefit of NAC is:
Assessing the security posture of a device (e.g., antivirus status, OS patches, firewall settings).
Enforcing access decisions based on that posture (e.g., full access, limited access, or quarantine).
Preventing potentially vulnerable or non-compliant systems from joining the trusted network.
https://docs.genians.com/release/en/intro.html; NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.
It doesn't just provide access for 'endpoints' to web apps stated so if we take that answer literally as written - it's not as correct as the only correct answer which is " NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.'
B. NAC supports validation of the endpoint's security posture prior to allowing the session to go into an authorized state.
Network Admission Control (NAC) allows organizations to assess and validate the security posture of endpoints (such as computers or devices) before granting them access to the network. It checks for compliance with security policies, up-to-date antivirus software, operating system patches, and other security requirements. Once the endpoint's security posture is verified and meets the criteria set by the organization, it is allowed to enter an authorized state and gain network access.
The benefit of using Network Admission Control (NAC) is that it supports validation of the endpoint's security posture prior to allowing the session to go into an authorized state. This means that devices attempting to access the network can be checked for compliance with security policies, such as up-to-date antivirus software or the presence of required security settings, before being granted access. This can help prevent the spread of malware and other security threats across the network.
Excluding A and D.
Option B seems not true to me, because NAC does security posture scan before authenticate the machine (not before authorize it).
I vote for C.
C is included within B, hence B is the better answer.
I.e. we can stipulate certificates and passwords as compliance conditions when checking endpoints security posture.
From rdy4u below ""Network access control (NAC)", also known as "Network Admission Control", is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.
https://www.fortinet.com/resources/cyberglossary/what-is-network-access-control"
"Network access control (NAC)", also known as "Network Admission Control", is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.
https://www.fortinet.com/resources/cyberglossary/what-is-network-access-control
Nah, C is a authentication server, think Microsoft NPS, Cisco ISE, FortiAuthenticator. A NAC is all about ensuring devices meet a base level of compliance before gaining access to the network. Cisco ISE, for example, has RADIUS and TACAC functionality for Certificate/Password based authentication, and it also has a NAC function (requires Advantage/Premier Licensing) which enables it to determine the devices posture, which it can then use as part of its authentication and authorization processes. It's B.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stickerbush1970
Highly Voted 2 years, 1 month agojackdryan
1 year, 5 months agoCww1
Highly Voted 2 years, 1 month agoa_kto_to
Most Recent 1 week, 2 days agoServerBrain
1 month, 3 weeks agoCCNPWILL
5 months, 1 week agoMP26
6 months, 2 weeks agoGuardianAngel
9 months, 1 week agoYesPlease
10 months, 3 weeks agoSoleandheel
11 months agoinvincible96
1 year, 7 months agoDee83
1 year, 9 months agoCessar
1 year, 9 months agooudmaster
1 year, 10 months agoBP_lobster
1 year, 11 months ago254Tech
2 years agordy4u
2 years agoHumongous1593
2 years, 1 month ago[Removed]
2 years ago