Certified Information Systems Security Professional (CISSP) — Question 110
An information technology (IT) employee who travels frequently to various countries remotely connects to an organization's resources to troubleshoot problems.
Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?
Answer options
- A. Install a third-party screen sharing solution that provides remote connection from a public website.
- B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
- C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
- D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.
Correct answer: B
Explanation
The correct answer is B because implementing a bastion host with multi-factor authentication (MFA) provides a robust security layer, ensuring only authorized users can access sensitive resources. Option A is not secure as it uses a public website for remote connections, while option C's reliance on DDNS is less secure than a bastion host. Option D restricts access based on static IP addresses, which can be problematic if the employee travels to new locations.