Bastion Host

Question 1

Is the bastion host located in a public or private subnet?

Answer 1

In the public subnet

Question 2

What does a bastion host allow you to do?

Answer 2

allows you to connect to your EC2 instances in a private subnet using RDP or SSH

Question 3

How is a bastion host used?

Answer 3

Log into the bastion host from your desktop. Then from the bastion host, log into your EC2 instances that reside in the private subnet.

Question 4

What is a common nickname given to bastion hosts?

Answer 4

jump box

Question 5

True or False: It’s best practice to allow all IP addresses to reach your bastion host so you can work from anywhere?

Answer 5

False. Lock down the host to only known IP addresses.

Question 6

What are the two most likely ports that should be open to a bastion host?

Answer 6

22 (SSH), 3389(RDP)

Question 7

What is the difference between SSH and RDP

Answer 7

• SSH is most common for Linux command line access

- RDP allows for access to an OS user interface in Linux or Windows.

Question 8

True or False: You connect to a bastion host over the internet?

Answer 8

True: Since the Bastion host lives in a public subnet, it can be reached from the internet. Follow security best practices.

Question 9

Does a Bastion host allow your private subnet instances outbound access to the internet?

Answer 9

No. Bastion does not enable outgoing requests from instances.