Answer-first summary for fast verification
Answer: Remove the external IP address and use a bastion host to access internal-only resources.
The correct answer is **B** because it aligns with best practices by removing external IP addresses to prevent internet reachability and utilizing a bastion host for secure access. Bastion hosts act as a secure gateway into a network with private instances, offering a fortified entry point that can be controlled to allow or deny SSH communications from the internet. This method ensures secure access to instances without external IPs, such as development environments or database instances, without the need for additional firewall rules. Key security measures include limiting the CIDR range for source IPs, configuring firewall rules to restrict SSH traffic to private instances from the bastion host only, and employing ssh-agent forwarding for authentication to enhance security.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To minimize external exposure while enabling remote maintenance access to internal backends, which strategy should your company adopt?
A
Hide the external IP address behind a load balancer and restrict load balancer access to the internal company network.
B
Remove the external IP address and use a bastion host to access internal-only resources.
C
Remove the external IP address and have remote employees dial into the company VPN connection for maintenance work.
D
Remove the external IP address and use Cloud Shell to access internal-only resources.
No comments yet.