The senior security administrator wants to redesign the company DMZ to minimize the risks
associated with both external and internal threats. The DMZ design must support security in depth,
change management and configuration processes, and support incident reconstruction. Which of
the following designs BEST supports the given requirements?
A.
A dual firewall DMZ with remote logging where each firewall is managed by a separate
administrator.
B.
A single firewall DMZ where each firewall interface is managed by a separate administrator and
logging to the cloud.
C.
A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by
the change control team.
D.
A virtualized firewall, where each virtual instance is managed by a separate administrator and
logging to the same hardware.