CompTIA CySA+ (CS0-002) — Question 151

A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst recommend to BEST meet all the requirements?

Answer options

Correct answer: C

Explanation

The correct answer, NAC (Network Access Control), ensures that only compliant devices can access the network, which addresses both the patch management and the malware protection concerns. EDR focuses on endpoint detection and response but does not manage device compliance. Port security limits access to specific devices, and segmentation divides the network but does not directly enforce device compliance.