Jack wants to deploy a network access control (NAC) system that will stop systems that are not fully patched from connecting to his network. If he wants to have full details of system configuration, antivirus version, and patch level, what type of NAC deployment is most likely to meet his needs?
Answer Options
Agentless, preadmission
Agent- based, preadmission
Agentless, postadmission
Agent- based, postadmission
Correct Answer: B
Explanation
An agent-based, preadmission system will provide greater insight into the configuration of the system using the agent, and using a preadmission model will allow the system configuration to be tested before the system is allowed to connect to the network. Agentless NAC uses scanning and/or network inventory techniques and will typically not have as deep a level of insight into the configuration and software versions running on a system. Postadmission systems make enforcement decisions based on what users do after they gain admission to a network, rather than prior to gaining admission, allowing you to quickly rule out two of these options.