ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A cloud operations team must restrict and monitor interactive management-plane access to hypervisors that host multiple tenant VMs in an IaaS environment. Which security control will most effectively reduce the risk of administrator account compromise while still allowing required maintenance tasks to be performed from the corporate network?
Place the hypervisor management interfaces in a separate VLAN that is not advertised to tenant networks.
Route all administrator sessions through a dedicated jump server that requires multi-factor authentication before allowing SSH or RDP to the hypervisors.
Enable SNMPv2c on each hypervisor and restrict community strings to read-only.
Forward all hypervisor syslog messages to the corporate SIEM for correlation and alerting.
Placing a hardened jump (bastion) host inside a restricted management subnet and requiring administrators to authenticate to it with multi-factor authentication creates a single, well-defended choke point for all console and SSH/RDP sessions to the hypervisors. This limits the exposed attack surface, enforces strong authentication, and enables centralized logging of every administrative action.
VLAN segmentation alone isolates traffic but does not add strong authentication or detailed audit trails. Enabling SNMPv2c on the hypervisors provides basic monitoring but uses weak community-string security and does nothing to control logon access. Forwarding hypervisor syslog messages to a SIEM improves detection after the fact but does not prevent unauthorized logons. Therefore, the bastion host with MFA is the most effective preventive control for this scenario.
Cloud Platform & Infrastructure Security