Certified Information Systems Security Professional (CISSP) — Question 210

A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?

Answer options

• A. Endpoint Detection and Response
• B. Next-Generation Firewall
• C. Intrusion detection and prevention system (IDPS)
• D. Network Access Control (NAC)

Correct answer: D

Explanation

Network Access Control (NAC) is the most effective solution as it can enforce security policies by ensuring only compliant devices, with up-to-date antivirus and OS patches, can access the network. Other options, like Endpoint Detection and Response and Next-Generation Firewall, focus more on monitoring and responding to threats rather than enforcing access control based on device compliance.