The senior security administrator wants to redesign the company DMZ to minimize the risks associated with
both external and internal threats. The DMZ design must support security in depth, change management and
configuration processes, and support incident reconstruction. Which of the following designs BEST supports
the given requirements?
A.
A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
B.
A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to
the cloud.
C.
A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by the change
control team.
D.
A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the
same hardware.