A network engineer must perform posture assessments on Cisco ASA remote access VPN clients and control their network access based on the results. What
mode is the Cisco best practice NAC deployment design for this situation?
A.
Layer 2 in-band real IP gateway mode
B.
Layer 2 out-of-band real IP gateway mode
C.
Layer 3 in-band virtual gateway mode
D.
Layer 3 out-of-band virtual gateway mode
Explanation:
https://www.cisco.com/c/en/us/products/collateral/security/nac-appliance-clean-access/product_data_sheet0900aecd802da1b5.html
Passing traffic mode
• Virtual gateway (bridged mode)
• Real IP gateway (routed mode)
Client access mode
• Layer 2 (client is adjacent to the Cisco NAC Server)
• Layer 3 (client is multiple hops from the Cisco NAC Server)
Traffic flow model
• In-band (Cisco NAC Server is always in-line with user traffic)
• Out-of-band (Cisco NAC Server is in-line only during authentication, posture assessment, and remediation)
The following 300-320 PDF and VCE Dumps wiil help you pass the exam successfully: https://www.braindump2go.com/300-320.html