If a firewall is used in a demilitarized zone (DMZ), which of the following best describes its purpose?

The purpose of a firewall in a demilitarized zone (DMZ) is to manage publicly accessible systems while ensuring limited access to internal networks. A DMZ is a subnetwork that is designed to expose external-facing services to an untrusted network, usually the internet, while segregating those services from the internal network. This setup enhances security by allowing access from the outside world to specific resources—such as web servers, email servers, or FTP servers—while protecting the internal network from direct exposure.

By managing these publicly accessible systems, the firewall acts as a barrier that regulates the flow of traffic between the public and internal networks, allowing only specified and necessary communication. This minimizes the risk of unauthorized access to sensitive internal resources while still providing the needed access for users from the public internet.

In contrast, restricting all incoming connections might prevent legitimate users from accessing essential services that are hosted in the DMZ. Facilitating connections in a trusted home network, on the other hand, refers to a different context that does not apply to the role of a DMZ. Allowing all network connections would defeat the purpose of having security measures in place, exposing both the DMZ and internal networks to potential threats. Thus, the correct answer accurately captures the primary objective