CompTIA CASP+ (CAS-004) — Question 513

A company wants to improve the remote access process it uses for systems administrators who perform troubleshooting. Currently, troubleshooting is performed via SSH to the affected system and controlled by a border ACL. In order to SSH to a system, systems administrators must first log in to the VPN and then use a password-protected SSH key that is unique to each server. Which of the following should the company implement to improve this process and reduce the attack surface? (Choose two.)

Answer options

• A. MFA
• B. Jump box
• C. Air gap
• D. Firewall
• E. NAT gateway
• F. DDoS protection

Correct answer: A, B

Explanation

Implementing MFA (Multi-Factor Authentication) adds an additional layer of security beyond just a password, making unauthorized access more difficult. A Jump box serves as a secure intermediary for accessing systems, reducing the attack surface by limiting direct access to critical servers. The other options, while beneficial for various security purposes, do not specifically address improving remote access for troubleshooting in the context given.