Exam CISSP topic 1 question 277 discussion

A Baiston host is like a gatekeeper of your private network that verify your ID

B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access. Here's why: 1. Bastion Host: A bastion host is a dedicated server that acts as a secure gateway for remote access to internal network resources. Placing a bastion host in the DMZ provides an additional layer of security, as it separates external and internal networks. Remote access would be first directed to the bastion host, and only authorized users with the appropriate credentials and permissions would be able to access the internal resources from there. 2. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a one-time authentication code (e.g., from a mobile app or hardware token). This makes it more difficult for unauthorized individuals to gain access, even if they have the user's password.

B Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.

why on earth would anyone place a jump box to a DMZ? that's a pretty bad security practice. Use VPN, connect to jump host in an internal management network and from there manage the infrastructure.

Bastion hosts are the bad practice nowadays.

C. The question states that the employee travels globally. "You can access your website or server from anywhere in the world without worrying about changes to your IP address." https://www.paloaltonetworks.com/cyberpedia/what-is-dynamic-dns#:~:text=Dynamic%20DNS%2C%20or%20DDNS%2C%20is,changes%20to%20your%20IP%20address. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-DDNS-for-SSL-VPN/ta-p/194137

B. is correct

I think DDNS is normally used in homes, not businesses. I think I with B. Configure Bastion host with Public IP and connect via SSH over the internet.

I think B is correct. This is similar to a jump box.