Final answer:
When a Network Access Control (NAC) system detects a vulnerable endpoint, it does not provide unrestricted access as it would conflict with its purpose of maintaining network security. Instead, it can quarantine, isolate, or block the endpoint.
Step-by-step explanation:
Network Access Control (NAC) systems are used to enforce security policies on endpoints (devices) that attempt to access network resources. The goal is to prevent unauthorized or compromised devices from connecting to a network. When a NAC system detects a vulnerable or non-compliant endpoint, it typically has a few actions it can take:
- Quarantine the endpoint - limiting the endpoint's network access to only certain resources to prevent any potential spread of harm.
- Isolate the endpoint - completely segregating the endpoint from network communication.
- Block network access for the endpoint - denying the endpoint any access to the network.
However, allowing unrestricted access to the endpoint is NOT among the actions typically taken by a NAC when it detects a vulnerable endpoint. This option would contradict the primary purpose of a NAC to maintain the network's security integrity.