Which of the following is the MOST secure firewall implementation?

A.
Dual-homed host firewalls

B.
Screened-subnet firewalls

C.
Screened-host firewalls

D.
Packet-filtering firewalls

Explanation:
A screened-subnet architecture is the most secure solution as it adds another layer of security to the screenedhost architecture, which in turn is more secure than both Dual-homed host firewalls and Packet-filtering
firewalls.
Incorrect Answers:
A: Dual-homed host firewalls are less secure compared to screened-host firewall.
C: Screened-host firewalls are less secure compared to Screened-subnet firewalls, as the screened-subnet
architecture is missing.
A screened host is a firewall that communicates directly with a perimeter router and the internal network.
D: A packet-filtering firewall is part of a screened-host firewall architecture, but is less secure as the screenedhost firewall is missing.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 646