A security architect is setting up their demilitarized zone to place one firewall on each side. What is this type of configuration called?

The configuration described, where a security architect places one firewall on each side of a demilitarized zone (DMZ), is referred to as a screened subnet. This setup is designed to enhance security by creating a buffer area between the internal network and the external network (the internet). The DMZ typically houses public-facing services such as web servers, email servers, or FTP servers, which need to be accessible from the outside while still being protected from potential threats.

By using a screened subnet approach, the architect ensures that external traffic must pass through the first firewall, which filters requests and limits access to the DMZ. Then, traffic is further filtered by a second firewall before it reaches the internal network. This multilayered defense provides additional security by segmenting public-facing services from the more sensitive internal network, effectively reducing the risk of attacks penetrating into the core infrastructure.

This design contrasts with other options. Staging environments are typically used for testing and development and do not pertain to the security architecture of a DMZ. ACLs, or access control lists, are a set of rules used to control network traffic but do not describe a specific architectural configuration like a DMZ. Peer-to-peer refers to a decentralized communications model where each party in the