A cloud administrator is configuring a bastion host. The bastion host will be used to administer systems in the cloud remotely from the administrator’s onpremises desktop. The administrator is given the following requirements:
▪ Ensure port 22 is open on the host and only allow the public IP of the on-premises router/firewall.
▪ Ensure port 3389 is open on the host and only allow the public IP of the on-premises router/firewall.
▪ Harden these services with PKI (where applicable).
Given this scenario, which of the following should the administrator utilize to BEST address these requirements? (Select THREE).
A. RDP protocol from the desktop to the bastion host
B. Telnet protocol from the desktop to the bastion host
C. SSH protocol from the desktop to the bastion host
D. MD5 and RC4 with a signed certificate
E. RSA and AES with a signed certificate
F. Blowfish and SHA-1 with a signed certificate
G. VNC protocol from the desktop to the bastion host
RSA is the most common encryption method used for remote access. In this case, MD5 is not suitable for use.
Answer: A, C, E