Certified Information Systems Security Professional (CISSP) — Question 388
An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
Answer options
- A. Port security
- B. Two-factor authentication (2FA)
- C. Strong passwords
- D. Application firewall
Correct answer: A
Explanation
Port security is designed to restrict access to the network at the switch port level, making it the best choice for preventing unauthorized internal access. Two-factor authentication (2FA), strong passwords, and application firewalls primarily focus on user authentication and external threats rather than controlling access at the network port level.