What is a key feature of a single firewall DMZ?

A single firewall DMZ (Demilitarized Zone) typically consists of three network interfaces, which is a crucial aspect of its architecture. The three interfaces usually include one connected to the internal network, another connected to the external network (internet), and the third one that serves the DMZ itself. This setup allows the firewall to segregate traffic effectively between these different zones, enhancing security by controlling the flow of data between the trusted internal network, the less trusted DMZ, and the untrusted external network.

Having this division is vital because the DMZ hosts public-facing services—such as web servers, email servers, or DNS—that need to be accessible from the outside while still protecting the internal network from direct access by external entities. By channeling the traffic through the firewall and utilizing these three interfaces, an organization can implement tailored security policies to adequately filter, inspect, and control access to and from each of these zones.

The other options do not correctly describe the configuration or requirements of a single firewall DMZ. For instance, using a single firewall does not imply that multiple firewalls are needed for maximum security; indeed, the focus is on the effective configuration of the single firewall. Furthermore, a DMZ cannot operate without any firewall, as