Your company is planning on using bastion hosts for administering the servers in AWS.
Which of the following is the best description of a bastion host from a security perspective?
A . A Bastion host should be on a private subnet and never a public subnet due to security concerns
B . A Bastion host sits on the outside of an internal network and is used as a gateway into the private network and is considered the critical strong point of the network
C . Bastion hosts allow users to log in using RDP or SSH and use that session to S5H into internal network to access private subnet resources.
D . A Bastion host should maintain extremely tight security and monitoring as it is available to the public
Answer: C
Explanation:
A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
In AWS, A bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets.
Options A and B are invalid because the bastion host needs to sit on the public network. Option D is invalid because bastion hosts are not used for monitoring For more information on bastion hosts, just browse to the below URL: https://docsaws.amazon.com/quickstart/latest/linux-bastion/architecture.htl
The correct answer is: Bastion hosts allow users to log in using RDP or SSH and use that session to SSH into internal network to access private subnet resources. Submit your Feedback/Queries to our Experts
Leave a Reply