Comprehensive and Detailed Explanation From Exact Extract:
Network Access Control (NAC) evaluates the posture of a device before allowing access to the network. It can enforce security policies, authenticate users and devices, and isolate or remediate non-compliant devices.
NAC is widely used in enterprise environments to secure access at the network edge, such as in guest or public areas.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Access Control and Posture Assessment":
"NAC provides device authentication, security posture validation, and can enforce automated remediation or quarantine actions based on policy compliance." Other options:
* A. IPS detects and prevents known threats but does not perform access control or posture checks.
* B. Microsegmentation isolates workloads but lacks posture checks and auto-remediation.

Comprehensive and Detailed Explanation From Exact Extract:
A mesh topology allows every site to connect directly to every other site, enabling the shortest and lowest- latency path between locations. This is ideal for SD-WAN deployments that must minimize latency for inter- site communication globally. In contrast, hub-and-spoke models force all traffic through a central hub, increasing latency.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "WAN Technologies and Topologies":
"Mesh topologies offer direct connectivity between all participating sites, reducing latency and avoiding single points of failure. They are optimal for SD-WAN deployments requiring performance and resilience." Other options:
* A. Star topology routes all traffic through a central node, introducing latency.
* B. Spine-and-leaf is used in data center architectures, not global WANs.
* D. Hub-and-spoke centralizes routing and increases latency between remote sites.
A full-mesh SD-WAN topology allows each site to establish direct overlays with every other site, minimizing the number of hops and avoiding backhauling through a central hub, thereby delivering the lowest latency paths between Asia, Europe, and the US.

A full-mesh topology provides multiple redundant, direct paths between every site, eliminating single points of failure, ensuring consistent transmission even if one or more links fail, and maximizing overall availability.

CI/CD pipelines: Automate the provisioning and configuration of network baselines across all environments, and make it easy to roll out updates consistently.
Public code repository: Enables your community of practice to collaborate, review, and contribute to shared IaC modules and templates, while making updates discoverable and reusable.

By explicitly permitting only known, approved traffic and blocking everything else by default, an allow-list policy enforces the strictest firewall posture.