When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?
A bastion is a secure system specifically designed to be exposed to the public Internet while performing only the desired operations. It is fortified to withstand potential attacks by having all nonessential services and access removed, focusing security measures solely on its specific duties. This makes it the correct choice for securely carrying out specified operations while being accessible from the Internet. A firewall, on the other hand, is used to control and monitor incoming and outgoing network traffic based on predetermined security rules, and a proxy server serves as an intermediary for requests from clients seeking resources from other servers. A honeypot is a decoy system intended to detect and study attacks by making itself an attractive target. Thus, the bastion is the most appropriate answer for the given question.
Silly question as you can argue for both A & D, but I think in the context of CCSP, I would go for D
D. Bastion
Wrong! That's the job of a firewall
D. Bastion
A bastion host is a secure system that is exposed to the public Internet and designed to withstand attacks. It is configured to perform only the desired operations and is hardened to resist compromise. Bastion hosts are typically used as gateways or intermediaries to provide access to internal network resources while minimizing the security risks associated with direct exposure to the Internet.
A bastion host is a hardened system that is specifically designed to be exposed to the public internet while minimizing security risks. It is configured to perform only essential functions, reducing its attack surface. Bastion hosts are commonly used for secure remote access (e.g., SSH jump servers) or as intermediary systems for accessing internal networks securely.
Why Not the Others?
A. Firewall → Firewalls control traffic flow and enforce security policies but do not function as publicly exposed operational systems.
B. Proxy → Proxies act as intermediaries for network requests but are not standalone hardened systems for direct exposure.
C. Honeypot → A honeypot is a decoy system used to attract and analyze attacks, not a secure public-facing system for legitimate operations.