Which device facilitates separation of duties in a security architecture?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which device facilitates separation of duties in a security architecture?

Explanation:
Separation of duties means dividing responsibilities so that no single system or person has unchecked control over privileged actions, improving accountability and reducing the risk of misuse. A bastion host fits this role because it is a hardened gateway placed at the security boundary that centralizes and controls privileged access to sensitive systems. Funneling administrator connections through this dedicated, tightly secured machine enforces authentication, authorization, and auditing for admin tasks at one controlled point. This isolates privileged management from regular network traffic and hosts, ensuring that critical operations are performed through a monitored, auditable interface. The other devices (firewalls, routers, and intrusion detection systems) serve important network protection functions, but they do not by themselves establish the same controlled, auditable boundary for privileged access.
