A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:
• All remote devices to have up-to-date antivirus
• A HIDS
• An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Choose two.)
The company should deploy Network Access Control (NAC) and a Next-Generation Firewall (NGFW) to meet its security objectives. NAC solutions ensure compliance with security policies by checking that all connected devices have up-to-date antivirus software, host-based intrusion detection systems (HIDS), and up-to-date and patched operating systems before allowing them access to the network. NGFWs provide advanced security features such as intrusion prevention, deep packet inspection, and application filtering, which help protect the network from various threats and ensure compliance with security policies.
I think AF is the best answer. NAC and NDFW do not satisfy the HIDS requirement. Bastion hosts, however, should include a HIDS on them as a best practice. NAC will satisfy the other two requirements. NGFW doesn't bring anything to the table the NAC doesn't cover for these requirements.
A. NAC E. NGFW
NAC (Network Access Control): This can enforce policies to ensure that remote devices meet the specified requirements, including having up-to-date antivirus, an HIDS, and an up-to-date and patched OS. NGFW (Next-Generation Firewall): NGFWs provide advanced security features that can inspect traffic, detect and prevent malware, and enforce security policies. This helps in ensuring that traffic from remote devices meets the specified security requirements.
A. NAC (Network Access Control): NAC solutions can check the security posture of a device before allowing it access to the network. E. NGFW (Next-Generation Firewall): These are advanced firewalls that can incorporate features such as intrusion prevention, application filtering, and even some NAC-like capabilities. F. Bastion host: A bastion host is a special-purpose computer on a network that is designed to withstand attacks. It's typically used for secure remote access, but it doesn't enforce client device security posture.
A. NAC and E. NGFW. NAC (Network Access Control) is a technology that enforces security policies on devices that are connecting to a network. NAC can be used to ensure that all remote devices have up-to-date antivirus, a HIDS, and an up-to-date and patched OS. NGFW (Next-Generation Firewall) is a firewall that provides advanced security features, such as intrusion detection and prevention, application control, and web filtering. NGFW can be used to protect the extranet applications from attack.
A. NAC (Network Access Control): NAC can enforce security policies on devices attempting to access the network. It can check for antivirus software, the presence of a HIDS, and the status of the OS before allowing devices to connect to the network. E. NGFW (Next-Generation Firewall): NGFWs can inspect and control network traffic based on security policies. They can enforce policies related to antivirus checks, intrusion detection, and other security measures, helping to ensure that remote devices meet the specified security requirements.
NAC helps enforce security policies by ensuring that devices meet certain security criteria before they are allowed to connect to the network. This can include checking for up-to-date antivirus software, HIDS, and ensuring the operating system is patched. NGFWs provide advanced security features beyond traditional firewalls, including intrusion prevention, application awareness, and deep packet inspection.