Question

Angela is designing her organization's data center network and wants to establish a secure zone and a DMZ. If Angela wants to ensure that user accounts and traffic that manage systems in the DMZ are easily auditable and that all access can be logged while helping prevent negative impacts from compromised or infected workstations, which of the following solutions is Angela's best design option?

A. Administrative virtual machines run on administrator workstations
B. A jump host
C. A bastion host
D. Use ssh or RDP from administrative workstations

Answer 1

The best design option for Angela is to use a bastion host to establish a secure zone and a DMZ.

Step-by-step explanation:

The best design option for Angela to establish a secure zone and a DMZ while ensuring easy auditing of user accounts and traffic management is a bastion host. A bastion host is a dedicated server that acts as a bridge between the public internet and a private network, providing secure access to systems in the DMZ. It allows for centralized control and logging of all access to the DMZ, making it easy to track user activity and monitor for any potential threats.

By using a bastion host, Angela can effectively control and monitor access to systems in the DMZ, while also reducing the risk of compromised or infected workstations impacting the network. Administrative virtual machines on workstations could be one possible solution, but it may not provide the same level of centralized control and logging as a dedicated bastion host.

In summary, Angela's best design option is to utilize a bastion host to establish a secure zone and a DMZ, ensuring easy auditing and centralized control of user accounts and traffic management.