Certified Information Systems Security Professional (CISSP) — Question 146
An organization would like to secure a trusted and untrusted network. One of the requirements is to provide access to the trusted network from a few of the hosts from the untrusted network. Which of the following is the BEST device or system that should be deployed to enable this capability?
Answer options
- A. Router
- B. Bastion host
- C. Forward proxy host
- D. Intrusion detection system (IDS)
Correct answer: B
Explanation
A bastion host is specifically designed to serve as a secure gateway between trusted and untrusted networks, making it the best choice for allowing controlled access. Routers primarily manage network traffic and do not inherently provide security features for cross-network access. Forward proxy hosts facilitate web traffic but do not secure the networks themselves, while an intrusion detection system (IDS) focuses on monitoring and detecting threats rather than enabling access.