Which of the following would be the MOST secure firewall system?

A. Screened-host firewall

B. Screened-subnet firewall

C. Dual-homed firewall

D. Stateful-inspection firewall

Explanation:

A screened-subnet firewall, also used as a demilitarized zone (DMZ), utilizes two packet filtering routers and a bastion host. This provides the most secure firewall system, since it supports both network- and application-level security while defining a separate DMZ network. A screened-host firewall utilizes a packet filtering router and a bastion host. This approach implements basic network layer security (packet filtering) and application server security (proxy services). A dual- homed firewall system is a more restrictive form of a screened-host firewall system, configuring one interface for information servers and another for private network host computers. A stateful-inspection firewall working at the transport layer keeps track of the destination IP address of each packet that leaves the organizations internal network and allows a reply from the recorded IP addresses.