Certified Cloud Security Professional – CCSP – Question315

When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

A.
Firewall
B. Proxy
C. Honeypot
D. Bastion

Correct Answer: D

Explanation:

Explanation: A bastion is a system that is exposed to the public Internet to perform a specific function, but it is highly restricted and secured to just that function. Any nonessential services and access are removed from the bastion so that security countermeasures and monitoring can be focused just on the bastion’s specific duties. A honeypot is a system designed to look like a production system to entice attackers, but it does not contain any real data. It is used for learning about types of attacks and enabling countermeasures for them. A firewall is used within a network to limit access between IP addresses and ports. A proxy server provides additional security to and rulesets for network traffic that is allowed to pass through it to a service destination.