An organization wants to ensure that only devices that meet security policies can connect to the network. Which technology should be deployed?
NAC controls network access based on device compliance.
Why this answer
Network Access Control (NAC) is the correct technology because it enforces security policies by assessing the compliance of devices (e.g., patch level, antivirus status, OS version) before granting network access. NAC can quarantine non-compliant devices, redirect them to a remediation network, or block them entirely, ensuring only authorized and policy-compliant endpoints connect.
Exam trap
The trap here is confusing NAC with a firewall or IDS. Candidates often think a firewall's access control lists (ACLs) are sufficient for device compliance, but NAC specifically performs pre-admission posture checking, which firewalls cannot do.
How to eliminate wrong answers
Option A is wrong because a firewall controls traffic between network segments based on IP addresses, ports, and protocols, but it does not assess the security posture of individual devices before allowing them onto the network.
Option B is wrong because a Security Information and Event Management (SIEM) system collects and analyzes logs from various sources for threat detection and incident response, but it does not enforce pre-connection device compliance.
Option C is wrong because an Intrusion Detection System (IDS) monitors network traffic for malicious activity and alerts administrators, but it cannot block or conditionally allow devices based on security policy checks at the point of connection.