Question 1 - Refreshed CompTIA Security Plus SY0-701 Exam Practice Dumps | Pass on First Attempt

Q: 1

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Options

Discussion

AmeliaP Feb 12, 2026 7:56 am

Probably B. A jump server is set up specifically to control and monitor access into a more sensitive zone, so only authorized users get through. RDP or proxy servers don't provide that choke point for internal access, and hypervisor isn’t really about access control in this context. Pretty sure B is the best fit but open to other views.

Jamie V. Feb 23, 2026 12:14 am

Makes sense to go with B here. Jump servers are specifically used to control and monitor internal access, unlike proxies that just filter internet traffic. Pretty sure that's what the question is after.

Chris W. Feb 18, 2026 1:25 am

B, not C. Proxy is tempting but jump server actually controls internal resource access best here.

Casey J. Feb 8, 2026 11:03 pm

B tbh. Jump server is exactly what you use to gate access to sensitive internal resources, not just filter web traffic like a proxy would. Pretty sure that's the core security layer they're asking for here, but correct me if you see it another way.

Hannah Feb 24, 2026 4:53 am

Probably C. Proxy server can act as an intermediary so it seems like it'd prevent direct access to internal resources, right? I'm aware B is popular in practice exams but C trips me up every time.

Aisha I. Feb 8, 2026 6:48 am

Option B. Proxy is a common distractor but really only filters web, not internal resource access.

Sean K. Feb 22, 2026 1:41 am

B , that's what I see in practice exams and the official Security+ book for these types of internal access questions.

Noah G. Feb 18, 2026 8:50 pm

I don’t think C fits since proxies mostly handle web traffic, not internal access control. B (jump server) actually sits between users and internal resources, enforcing authentication and segmentation. Pretty sure it’s B, but let me know if you see it another way.

Ishaan M. Feb 21, 2026 4:28 am

I feel like C is a decent pick since a proxy server can filter traffic and block some unwanted access, especially from the internet. But not sure it’s the strongest for actual internal resource protection. Agree or nah?

Jamie Feb 17, 2026 9:42 pm

Probably B-proxy server (C) is a common trap for 'added security', but that's more about web filtering, not preventing access to internal resources directly.

Be respectful. No spam.

Correct Answer:

Explanation

A jump server, also known as a bastion host, is a hardened and monitored device on

the network specifically designed to be the single, controlled access point to other

systems and devices within a separate security zone. It acts as an intermediary,

requiring users to first authenticate to the jump server before they can access other

internal company resources. This creates an added layer of security by reducing the

attack surface and providing a single point for logging and auditing access to sensitive

internal systems.

Why Incorrect

A. RDP server: An RDP server allows remote desktop connections to that specific

server. It does not inherently provide an added layer of security for accessing other

internal resources; rather, it's a destination for access.

C. Proxy server: While proxy servers (especially reverse proxies) can offer security

benefits for specific applications, their primary role is typically to act as an intermediary

for network requests, often for outbound connections or to protect specific web servers.

A jump server is more specialized for secure administrative access to a broader range

of internal systems.

D. Hypervisor: A hypervisor is software that creates and runs virtual machines. While

securing the hypervisor is critical, it is not a solution for providing a controlled access

layer to internal company network resources in the manner described.

References

National Institute of Standards and Technology (NIST)

NIST Special Publication 800-41 Rev. 1, Guidelines on Firewalls and Firewall Policy.

While not directly defining "jump server," it discusses network segmentation and

controlled access points, concepts fundamental to jump server deployment. (Reference

to general architectural principles).

NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual

Machine (VM) Protection, Section 3.3, "Bastion Host": "A bastion host is a special

purpose computer on a network specifically designed and configured to withstand

attacks. The computer generally hosts a single application, for example a proxy server,

and all other services are removed or limited to reduce the threat to the computer." This

describes the hardened nature of a jump server/bastion host.

URL: https://csrc.nist.gov/publications/detail/sp/800-125b/final

Amazon Web Services (AWS)

AWS Documentation, Security > AWS Well-Architected Framework > Security Pillar

> Design Principles > Secure network infrastructure > Restrict access > Use bastion

hosts (jump boxes). This section explicitly details the use of bastion hosts (jump

servers) to securely access private network resources.

URL (General concept, specific page might vary): AWS often describes bastion

hosts in relation to EC2 and VPC security best practices. A relevant conceptual page

is: https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-establishedthrough-a-bastion-host/ (This article describes its use, implicitly defining its role as a

secure gateway).

AWS Documentation, Linux Bastion Hosts on AWS (Quick Start Reference Deployment).

This guide details deploying a bastion host architecture.

URL: https://aws.amazon.com/quickstart/architecture/linux-bastion/ (The architecture

itself demonstrates the added security layer).

Microsoft Azure

Microsoft Azure Documentation, What is Azure Bastion?. "Azure Bastion is a service you

deploy that lets you connect to a virtual machine using your browser and the Azure

portal, or via the native SSH or RDP client already installed on your local computer.

The Azure Bastion service is a fully platform-managed PaaS service that you provision

inside your virtual network. It provides secure and seamless RDP/SSH connectivity to

your virtual machines directly in the Azure portal over TLS... When you connect via

Azure Bastion, your virtual machines don't need a public IP address, agent, or special

client software."

URL: https://learn.microsoft.com/en-us/azure/bastion/bastion-overview

IEEE Xplore

Zhu, Y., & Gao, H. (2021). A Secure Remote Access Scheme for Industrial Control

Systems Based on Bastion Host and MFA. IEEE Access, 9, 73426-73437. "The bastion

host acts as a gateway, providing a single point of entry to the internal network, thereby

enhancing security by isolating critical systems." (Section I, Introduction).

DOI: https://doi.org/10.1109/ACCESS.2021.3080899

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE