A bastion host should be placed:
A bastion host should be placed:
A bastion host should be placed inside the DMZ (Demilitarized Zone). The DMZ is a buffer zone between the internet and the internal network, providing an additional layer of security by exposing external-facing services while keeping the internal network isolated. This placement allows the bastion host to act as a secure and controlled access point for external clients, preventing direct access to internal resources.
DMZ allows not to give direct access to internal resources
bastion host to be isolated in the network