CompTIA Security+ (SY0-601) — Question 452

A security analyst is scanning a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Answer options

• A. Changing the remote desktop port to a non-standard number
• B. Setting up a VPN and placing the jump server inside the firewall
• C. Using a proxy for web connections from the remote desktop server
• D. Connecting the remote server to the domain and increasing the password length

Correct answer: B

Explanation

The correct answer is B because setting up a VPN and placing the jump server inside the firewall significantly enhances security by creating a secure tunnel for remote access. Option A may obscure access but does not provide secure access controls. Option C does not directly address the security of the remote desktop access, and option D, while improving password policies, does not secure the remote access method itself.