The best answer is C. Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.
NAC (Network Access Control) is used to verify devices before granting them access to the network. A strong NAC deployment should validate both identity and security posture. Enforcing 802.1X authentication ensures that devices must authenticate before connecting, and using device certificates strengthens trust in the device itself. Endpoint security checks add posture assessment, such as confirming antivirus, patch level, or compliance state.
This is the most secure and effective approach because it prevents unauthorized or noncompliant devices from joining the network in the first place.
Why the other options are incorrect:
A. Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.This only addresses wireless access and is too limited. Unauthorized devices could still attempt access in other ways.
B. Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.IP addresses are not a reliable basis for device trust and can be spoofed or reassigned.
D. Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.Redirecting all devices is not practical or efficient, and guest Wi-Fi is not the best control for secure admission.
From a Security+ perspective, the strongest NAC implementation uses 802.1X, certificates, and posture assessment, making C correct.
