5.7.3 Practice Questions
Which of the following NAC agent types would be used for IoT devices?
Agentless
An agentless agent is on the domain controller. When the user logs into the domain, it authenticates with the network. Agentless NAC is often used when there is limited disk space, such as for Internet of Things (IoT) devices. A dissolvable agent is downloaded, or a temporary connection is established. The agent is removed once the user is done with it. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. A permanent agent resides on a device permanently.
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply
The third step in implementing NAC is to apply the policies. This occurs after the policies have been defined. Planning is the first step in the NAC implementation process and needs to be done before defining the policies. Review is the final step in the NAC implementation process. As business needs change, the process must be reviewed to determine whether changes are required. Testing is not a step in the NAC implementation process.
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication
Authentication defines all the prerequisites a device must meet in order to access a network. These criteria are detailed for such things as anti-malware, OS, and patch level. Authorization looks at the authentication information and applies the appropriate policies to provide the device with the access it's defined to receive. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. Identity Services Engine (ISE) is Cisco's NAC solution.
Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?
Authorization
Authorization looks at the authentication information and applies the appropriate policies in order to provide a device with the access it's defined to receive. Authentication defines all the prerequisites a device must meet in order to access a network. These criteria are detailed for such things as anti-malware, OS, patch level, and so on. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. Identity Services Engine (ISE) is Cisco's NAC solution.
Which of the following NAC agent types creates a temporary connection?
Dissolvable
A dissolvable agent is downloaded, or a temporary connection is established. The agent is removed once the user is done with it. The user has to download or connect to the agent again if it is needed. An agentless agent is housed on the domain controller. This is not the most convenient type of agent. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. A permanent agent resides on a device permanently.
What is Cisco's Network Access Control (NAC) solution called?
Identity Services Engine (ISE)
Network Access Control (NAC) is not a product; it is a process. Many companies implement products that utilize the NAC process. Cisco's solution is called Identity Services Engine (ISE). Talos is the name of Cisco's security threat intelligence team. Network Access Protection is Microsoft's NAC solution. Network Address Translation (NAT) translates multiple private addresses into a single registered IP address.
You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured?
NAC
Network Access Control (NAC) is a policy-driven control process that allows or denies network access to devices connecting to a network. For example, you may want to have policies that require connecting devices to meet certain criteria, such as having a particular version of Windows, the latest antivirus definitions, or Windows Firewall enabled. Network Address Translation (NAT) translates multiple private addresses into a single registered IP address. Network Access Protection (NAP) is Microsoft's NAC solution. Identity Services Engine (ISE) is Cisco's NAC solution.
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted.
Network Access Control (NAC) is usually accomplished using a two-stage process of authentication and authorization. If the requirements for either of these stages are not met, the access request is denied. This is often referred to as zero-trust security, meaning nothing is trusted unless it can pass both the authentication and authorization stages.
Which of the following NAC agent types is the most convenient agent type?
Permanent
A permanent agent resides on a device permanently. This is the most convenient agent since it does not have to be renewed and can always run on the device. It is also known as a persistent agent. A dissolvable agent is downloaded, or a temporary connection is established. This is not the most convenient type of agent. An agentless agent is housed on the domain controller. This is not the most convenient type of agent. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages.
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this?
Plan
Planning is the first step in the NAC implementation process. In this step, a committee should convene and make decisions that define how NAC should work. The third step in implementing NAC is to apply the policies. This occurs after the policies have been defined. Review is the final step in the NAC implementation process. As business needs change, the process must be reviewed to determine whether changes are required. Define is the second step in the NAC implementation process. After the committee has decided how NAC should work, the roles, identities, and permissions (policies) must be defined.