Certified Chief Information Security Officer (CCISO) — Question 185

A bastion host should be placed:

Answer options

• A. Inside the DMZ
• B. In-line with the data center firewall
• C. Beyond the outer perimeter firewall
• D. As the gatekeeper to the organization's honeynet

Correct answer: A

Explanation

The correct answer is A because a bastion host is specifically designed to be exposed to the internet and is typically placed in the DMZ to handle external traffic securely. Options B and C suggest locations that do not provide the necessary exposure and accessibility, while option D incorrectly positions the bastion host as part of the honeynet rather than as a front-line defense.