Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization has deployed a three-tier web application in a public cloud. Web servers sit in a public subnet behind a load balancer, while application and database servers reside in a private subnet that currently has no inbound rules. Administrators must occasionally use SSH from the corporate network to manage the private servers, but security policy forbids exposing SSH from the Internet. Which network security control best satisfies the requirement while minimizing the private subnet's attack surface?

  • Deploy a hardened bastion (jump) host in a small public or dedicated management subnet and require administrators to SSH to private servers through it

  • Install host-based intrusion detection systems on all private instances to block unauthorized SSH attempts

  • Place a honeypot in the private subnet to attract and contain external attackers

  • Add an inbound security group rule permitting SSH from any source to the private subnet during approved maintenance windows

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot