A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
Implementing a bastion host: A bastion host is a highly secured server located on a perimeter network (also known as a DMZ) that is designed to withstand attacks. It acts as a gateway between internal and external networks, allowing access only to specific services and applications. Users must authenticate themselves to the bastion host before accessing internal resources. This option provides a controlled entry point into the internal network, reducing the attack surface.
Implementing a bastion host is the most secure method for providing administrative access to internal resources while minimizing traffic through the security boundary. It ensures controlled, monitored, and hardened access, aligning with best practices for securing administrative workflows.
A bastion host is a highly secured server designed to be the single point of entry for administrative access to internal resources. It acts as a gateway, allowing administrators to connect securely to internal systems without directly exposing those systems to the outside world. Only specific, authorized traffic (e.g., SSH or RDP) is allowed, and the bastion host is heavily monitored and hardened against attacks, thus minimizing the traffic allowed through the security boundary.
A bastion host is only to provide access from a public to a private network. The question is to provide administrative access to internal resources. This excludes a bastion host. The only response is WAF.
The bastion host serves as a hardened gateway, where all administrative access to the internal network is funneled. This limits the exposure of the internal network to only a single, secure entry point.
Security Features: Bastion hosts are typically configured with strong security measures, such as multi-factor authentication, logging, and monitoring, to ensure that only authorized users can access internal resources.
Implementing a bastion host provides a highly secure method for administrative access to internal resources while minimizing traffic through the security boundary. It serves as a single entry point for remote administrative access, enforcing strong authentication and access controls before allowing access to internal systems.
A. Implementing a bastion host
The keyword in the question that makes option A correct is "minimizing the traffic allowed through the security boundary."
Implementing a bastion host allows for strict control over inbound traffic from external networks by acting as a single point of entry. Users connect to the bastion host, and from there, access to internal resources is provided. This setup minimizes the direct traffic flow to internal resources, as all external access is channeled through the bastion host, which can enforce security measures such as authentication, authorization, and logging. This effectively reduces the amount of traffic allowed through the security boundary while still providing access to internal resources for administrative purposes.
So from my understanding the bastion host and jump server are similar, if not in name. The bastion host is not on the exam objectives. I think I'll still go with A because it is the most secure. Maybe it's a no-credit question?