Which network architecture places two firewalls on either side of a demilitarized zone (DMZ) to control traffic between public networks and protected internal networks?

The correct choice involves a screened subnet, which is designed specifically to enhance security in network architecture by placing two firewalls on either side of a demilitarized zone (DMZ). This setup creates a buffer zone that separates the internal network from the public internet, allowing for controlled traffic between the two.

In this architecture, the first firewall sits between the public network and the DMZ, managing incoming traffic and filtering out unauthorized access attempts. The second firewall is positioned between the DMZ and the internal network, serving to safeguard internal resources from potential threats that could arise from the DMZ or public-facing services. This dual-firewall strategy ensures that even if an attacker breaches the DMZ, they still face an additional layer of protection before accessing the internal network.

The concept of a screened subnet is essential in cybersecurity as it creates a more secure environment by allowing certain services to be exposed to the internet while closely monitoring and controlling access to valuable internal resources.

Other choices do not apply to this type of network architecture. For example, a Virtual Network (VNET) refers to a logically isolated network within a cloud environment, which doesn't specifically address the dual-firewall design. Network Access Control (NAC) lists relate to controlling devices that can access the