CCDE: Cisco Certified Design Expert (Practical) — Question 136

An architect receives a functional requirement for a NAC system from a customer security policy stating that if a corporate Wi-Fi device does not meet current AV definitions, then it cannot access the corporate network until the definitions are updated. Which component should be built into the NAC design?

Answer options

• A. posture assessment with remediation VLAN
• B. quarantine SGTs
• C. dACLs with SGTs
• D. quarantine VLAN

Correct answer: A

Explanation

The correct answer is A, as posture assessment with remediation VLAN allows the NAC system to evaluate the compliance of devices and place non-compliant devices into a remediation VLAN until they meet the required security standards. Options B and D do not provide the necessary functionality for assessing and remediating compliance issues, while option C does not specifically address the requirement for remediation based on AV definitions.