CompTIA Cloud+ (CV0-002) — Question 41

A cloud administrator is configuring a bastion host. The bastion host will be used to administer systems in the cloud remotely from the administrator's on-premises desktop. The administrator is given the following requirements:
✑ Ensure port 22 is open on the host and only allow the public IP of the on-premises router/firewall.
✑ Ensure port 3389 is open on the host and only allow the public IP of the on-premises router/firewall.
✑ Harden these services with PKI (where applicable).
Given this scenario, which of the following should the administrator utilize to BEST address these requirements? (Choose three.)

Answer options

• A. RDP protocol from the desktop to the bastion host
• B. Telnet protocol from the desktop to the bastion host
• C. SSH protocol from the desktop to the bastion host
• D. MD5 and RC4 with a signed certificate
• E. RSA and AES with a signed certificate
• F. Blowfish and SHA-1 with a signed certificate
• G. VNC protocol from the desktop to the bastion host

Correct answer: A, C, D

Explanation

The correct options are A, C, and D because RDP and SSH are secure protocols suitable for remote administration, and MD5 and RC4 with a signed certificate provide a way to harden these connections. Telnet is not secure (B), while RSA and AES (E) and Blowfish and SHA-1 (F) are not options provided in the requirements for hardening services effectively.