Which statement correctly describes a DMZ's access control?

• A. The DMZ exposes internal network entirely.
• B. The DMZ provides direct access to its own hosts while shielding the internal network.
• C. The DMZ eliminates the need for firewalls
• D. The DMZ is the same as the internal network

Answer: (B)

A DMZ is a buffer zone that hosts public-facing services and enforces access control to protect the internal network. It allows external users to reach the DMZ hosts directly while the internal network remains shielded behind firewall boundaries. This separation is exactly what the stated description captures: services in the DMZ are accessible, but the core network behind the DMZ is protected and not exposed. Firewalls or security gateways enforce rules so traffic from the internet to the DMZ is limited to specific services, and traffic from the DMZ to the internal network is tightly controlled or blocked unless explicitly permitted. The other ideas misrepresent the model: the DMZ does not expose the entire internal network, it does not remove the need for firewalls, and it is not the same as the internal network.