Network Access Control Implementation

Questions and Answers

What is the primary reason SecureBank decided to implement Network Access Control (NAC)?

• To reduce the number of remote employees in the company.
• To enhance management and security of network access. (correct)
• To eliminate third-party vendors from the network.
• To increase the number of devices that can connect to the network.

What was one of the key requirements that SecureBank wanted to achieve with NAC?

• Authenticate users and devices before allowing access. (correct)
• Increase the number of guest users without restrictions.
• Enable automatic device connection regardless of compliance.
• Provide unrestricted access to all employees.

Which of the following was a challenge faced by SecureBank prior to implementing NAC?

• All devices were compliant with security policies.
• A lack of visibility and control over connected devices. (correct)
• Temporary access was available for all users.
• Too many employees had access to sensitive resources.

What type of access did SecureBank aim to provide for third-party contractors?

Guest access only to designated resources. (B)

How did SecureBank's IT team plan to ensure device compliance?

By checking devices for security compliance before granting access. (C)

Which issue highlighted the risk of unauthorized device access at SecureBank?

Personal devices could connect without meeting security requirements. (B)

What aspect of third-party vendors' access posed a challenge for SecureBank?

There was no authentication process for their access. (B)

What was a significant risk associated with inconsistent security policies at SecureBank?

Devices with outdated software could connect, compromising security. (C)

What was the primary reason SecureBank selected Cisco Identity Services Engine (ISE) as their NAC solution?

Compatibility with existing infrastructure (A)

Which of the following access policies is NOT defined for employee devices?

Must be company-issued devices (C)

What authentication method was used for devices that do not support 802.1X?

MAC Authentication Bypass (MAB) (D)

Which feature of Cisco ISE ensures only compliant devices can access the network?

Posture assessment (C)

What happens to devices that fail the posture assessment?

They are quarantined or denied access (A)

What type of access do guest users receive in SecureBank's network?

Internet access via a separate VLAN (C)

During the pilot test, which issue was identified with personal devices?

Failed posture assessment due to outdated antivirus software (A)

What improvement was NOT achieved after implementing the NAC system?

Lower network operation costs (C)

What role does network segmentation play in SecureBank's NAC implementation?

It segregates different user groups with specific access policies (A)

Which of the following statements about the guest portal is true?

Users must register for temporary login credentials (C)

What does the term 'device posture assessment' refer to in SecureBank's NAC implementation?

The compliance of devices with security requirements (D)

What was one of the outcomes of implementing the NAC system?

Seamless user experience for device authentication (B)

What type of devices were required to have enabled firewalls as per the posture assessment?

All devices seeking network access (D)

How did SecureBank's IT team define access policies?

In conjunction with company leadership (C)

Flashcards are hidden until you start studying

Study Notes

SecureBank's Network Access Control Implementation

• SecureBank faced challenges managing its network access with a diverse mix of employees, vendors, and devices.
• Key issues included lack of visibility and control over device connections, unauthorized access, and no enforcement of security policies.
• SecureBank chose Cisco Identity Services Engine (ISE) as their NAC solution due to its compatibility with their existing Cisco infrastructure and comprehensive features.
• The implementation involved defining access policies for employees, personal devices (BYOD), third-party vendors, and guest users, with varying levels of access and security requirements.
• Authentication methods including 802.1X, MAC Authentication Bypass (MAB), and a web-based guest portal were implemented to secure network access.
• Device posture assessment ensured device compliance by checking for antivirus status, operating system patches, and firewall status.
• Non-compliant devices were quarantined or denied access, with users directed to instructions for regaining access.
• The network was segmented into VLANs for employees, vendors, guests, and quarantined devices.
• A pilot test was conducted before full deployment, identifying and resolving issues.
• The successful implementation of NAC resulted in enhanced security, improved visibility, seamless user experience, automated compliance enforcement, and role-based access control.
• SecureBank's case study highlights the benefits of NAC in securing a network by controlling access, enforcing compliance, and improving overall security posture.