Certified Information Systems Security Professional (CISSP) — Question 106

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the
BEST solution to implement?

Answer options

• A. An intrusion prevention system (IPS)
• B. Network Access Control (NAC)
• C. Active Directory (AD) authentication
• D. A firewall

Correct answer: B

Explanation

Network Access Control (NAC) is the best choice because it allows organizations to enforce security policies on devices attempting to access the network, verifying their compliance with security protections and OS versions. In contrast, an IPS primarily focuses on detecting and preventing intrusions, while Active Directory authentication and firewalls do not specifically address the verification of endpoint security or OS versions.