Exam SY0-701 topic 1 question 579 discussion

internal jump server provides a way to access internal systems, it doesn't necessarily restrict access at the network level. Firewall rules are the more appropriate choice to meet segmentation and access control requirements, which is an effective way to meet compliance audit requirement no?

isolated and authorized internal systems are the key words.

By using a jump server, you can restrict access to sensitive internal resources, ensuring that only authorized users can access the servers after authenticating through the jump server.

A. Configure firewall rules to block external access to internal resources. Explanation: Network segmentation ensures that only authorized internal systems can access specific servers while preventing unauthorized access. Firewall rules can enforce this by blocking external access and allowing only approved internal traffic. This approach aligns with compliance audit requirements by implementing strict access controls and reducing the attack surface. Why Not the Other Options? B. Set up a WAP to allow internal access from public networks → A Wireless Access Point (WAP) extending access from public networks is insecure and contradicts the goal of segmentation. C. Implement a new IPSec tunnel from internal resources → IPSec tunnels encrypt traffic, but they do not inherently segment networks. Segmentation is about access control, not just encryption. D. Deploy an internal jump server to access resources → A jump server can centralize access, but without network segmentation, unauthorized traffic could still reach sensitive systems.

D - Deploy an internal jump server to access resources.