A service organization is undergoing a SOC 2® engagement. The auditor observes that the organization uses a 'bastion host' or 'jump box' to access the production network. What is the primary security purpose of this component?

Answer options:

To load balance web traffic across multiple servers.

To provide a single, hardened point of entry for administrators to access the internal network from the internet.

To encrypt database fields at rest.

To detect malware in email attachments.

How to approach this question

Identify the function of a 'jump box'. It's a bridge. You jump to it, then jump inside.

Full Answer

B.To provide a single, hardened point of entry for administrators to access the internal network from the internet.✓ Correct

A bastion host is a server purpose-built to withstand attacks. It is placed in the DMZ or at the network edge. Administrators connect to it (usually via SSH/VPN) and then connect to internal servers. This prevents direct exposure of internal servers to the internet.

Common mistakes

Confusing bastion hosts with firewalls or load balancers.

Question 24 All questions Question 26

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →