Exam CISSP
Question 66

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

Correct Answer: A

Port security is a Network Access Control (NAC) feature that controls access to the internal network by limiting the number of devices that can be connected to a switch port. It helps prevent unauthorized devices from gaining access within the network by ensuring that only authorized devices are allowed to connect to specific network ports. This is the best way to secure the network from unauthorized internal access.

Discussion
DERCHEF2009 Option: A

NAC = Port Security

BDSec Option: A

“Internal access” is key here. Port security.

dev46

Correct

cccispman

You correctly identify 'internal access' as being key and I agree with you! But... Port 22 is routinely open internally for legitimate access. 2FA is standard practice these days for securing access to network infrastructure.

Bach1968 Option: B

Option B (Two-factor authentication) can indeed be an effective Network Access Control (NAC) capability to better protect the network from unauthorized internal access. Two-factor authentication adds an extra layer of security by requiring users to provide two different types of authentication factors, such as a password and a unique code sent to their mobile device, before gaining access to the network. By implementing two-factor authentication, even if an unauthorized individual gains access to a user's credentials (e.g., username and password), they would still need the second factor (e.g., the code sent to the user's mobile device) to successfully authenticate and gain access to the network. This helps mitigate the risk of unauthorized internal access, even if internal credentials are compromised. Therefore, both options A (Port security) and B (Two-factor authentication) can be valid choices to increase security and protect the network from unauthorized internal access. The choice between the two would depend on the specific requirements and context of the organization's network environment.

samir45 Option: B

Network access can also be wireless, thus port security is not correct. Two-factor authentication (2FA) is a better choice.

Hongjun Option: B

The key word is "increase". The question told us that a control has already been implemented. Now they want to increase it. B is an increase, which is from 1 to 2; A, C and D are all basic controls, which is from 0 to 1.

crazywai1221 Option: B

2FA provides the best security to the company.

jackdryan

B is correct

Rachy Option: B

To increase the vote and not confuse people, I will go for B anytime, any day. Port security is for external access control.

Ramye Option: B

The objective of this question is “protecting the network from unauthorized internal access”, and to satisfy this requirement it is most likely 2FA (MFA). 2FA/MFA will be used for authentication/authorization, hence the answer is: B

MP26 Option: A

MFA is not a capability of a NAC. So it should be A.

marziparzi Option: A

This says "An organization has implemented a protection strategy to secure the network from unauthorized external access." If it didn't say that I would have leaned to 2FA. But 2FA is relevant for both external and internal. We need to find something that's exclusive to internal. That's why I think it's port security.

IntheZone Option: B

While port security is good, 2FA is better as there are two steps to bypass. Also, for port security, MAC spoofing is a thing, which makes me doubt this could be the right answer.

AMANSUNAR Option: A

Port security is a Network Access Control (NAC) feature that controls access to a network by limiting the number of devices that can be connected to a switch port. It helps prevent unauthorized devices from gaining access to the internal network by ensuring that only authorized devices are allowed to connect to specific network ports.

InclusiveSTEAM Option: B

Correction: The answer is B. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.

InclusiveSTEAM Option: A

The answer is A. The NAC capability that would best help protect the network from unauthorized internal access is B - Two-factor authentication (2FA). Enforcing 2FA requires authorized users to provide an additional verification factor when accessing the network from internal locations. This enhances security beyond just passwords. Port security, strong passwords, and application firewalls help against external threats but don't directly address internal users.

Moose01 Option: A

Hints: port security is so the NAC can authenticate the devices; MFA is for the user to authenticate.

Sledge_Hammer Option: B

B. Two-factor authentication (2FA) is the correct answer

Pamela11 Option: A

The question is about "Which Network Access Control (NAC) capability", so A should be the correct answer.