# Secure Administration and Out-of-Band (OOB) Access

One-sentence definition: Protect admin activities and maintain access during incidents/outages.

## Key Facts

- Tiered admin model; dedicated jump hosts/bastions; MFA required.
- Separate admin workstations; restrict internet; record sessions.
- OOB network for management (console servers, IPMI/ILO hardened).
- Break-glass accounts in vault; periodic tests; short-lived use.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose OOB + bastions to manage securely under stress.

**Mnemonic:** “**Admin** on a **rail**.”

## Mini Scenario

Q: Ransomware jams domain; how to regain control?

A: Use OOB/bastion and break-glass accounts to start recovery.

## Revision Checklist

- Two admin protections.
- OOB purpose.
- Break-glass rule.

## Related

[[Privileged Access Management (PAM) and JIT JEA]] · [[Account Recovery and Break-Glass Procedures]] · [[Incident Response Lifecycle (NIST-Style)]] · [[IdP Hardening and High Availability]] · [[Identity Resilience and DR]] · [[Domain 7 - Index]]