CISA Certified Information Systems Auditor – Question2153

There are many firewall implementations provided by firewall manufacturers. Which of the following implementations utilizes two packet filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ.

A. Dual Homed firewall
B. Screened subnet firewall
C. Screened host firewall
D. Anomaly based firewall

Correct Answer: B

Explanation:
In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure.
A screened subnet firewall is often used to establish a demilitarized zone (DMZ).
Below are a few examples of firewall implementations:
Screened host firewall
Utilizing a packet filtering router and a bastion host, this approach implements basic network layer security and application server security.
An intruder in this configuration has to penetrate two separate systems before the security of the private network can be compromised.
This firewall system is configured with the bastion host connected to the private network and a packet filtering router between the Internet and the bastion host.
Dual-homed firewall
A firewall system that has two or more network interfaces, each of which is connected to a different network.
In a firewall configuration, a dual-homed firewall system usually acts to block or filter some or all of the traffic trying to pass between the networks.
A dual-homed firewall system is a more restrictive form of screened-host firewall system.
Demilitarized Zone (DMZ) or screened-subnet firewall
Utilizes two packet filtering routers and a bastion host.
This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ network.
Typically, DMZs are configured to limit access from both the Internet and the organization's private network.
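The screened-subnet layout described above, as an added example that is not from the CISA review manual or any firewall product: a small Python model in which two packet-filtering routers bracket a bastion host, each enforcing its own rule set. It shows why a packet from the Internet must be allowed by two independent filters before it reaches the private network, and why a compromised bastion still cannot roam the internal LAN. All addresses (documentation and private ranges), services and rules are constructed assumptions for this illustration; the model is stateless and ignores return traffic.

```python
"""Constructed model of a screened-subnet (DMZ) firewall: exterior router,
bastion host in the DMZ, interior router, private network.  Not from the
review manual; addresses, services and rules are invented for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed topology (assumed for the example).
ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("192.0.2.0/24")          # screened subnet between the routers
INTERNAL = ip_network("10.0.0.0/8")       # private network
BASTION = ip_network("192.0.2.10/32")     # hardened host inside the DMZ
INTERNAL_MAIL = ip_network("10.0.5.25/32")  # the one internal service the bastion may reach


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dports: Optional[frozenset] = None   # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src
                and ip_address(pkt.dst) in self.dst
                and (self.dports is None or pkt.dport in self.dports))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Exterior router: the Internet reaches only the bastion, and only its
# published services; nothing outside may address the private network.
EXTERIOR_ROUTER = [
    Rule("allow", ANY, BASTION, frozenset({25, 443})),
    Rule("allow", INTERNAL, ANY, frozenset({80, 443})),   # outbound web from the LAN
    Rule("deny", ANY, INTERNAL),
    Rule("deny", ANY, DMZ),
]

# Interior router: only the bastion may initiate into the private network, and
# only toward the internal mail relay; internal hosts may use the bastion.
INTERIOR_ROUTER = [
    Rule("allow", BASTION, INTERNAL_MAIL, frozenset({25})),
    Rule("allow", INTERNAL, BASTION),
    Rule("allow", INTERNAL, ANY, frozenset({80, 443})),
    Rule("deny", DMZ, INTERNAL),
]

# Physical order: internet | exterior router | dmz | interior router | internal
ZONES = ["internet", "dmz", "internal"]
ROUTERS = {0: ("exterior", EXTERIOR_ROUTER), 1: ("interior", INTERIOR_ROUTER)}


def zone(addr: str) -> str:
    a = ip_address(addr)
    if a in INTERNAL:
        return "internal"
    if a in DMZ:
        return "dmz"
    return "internet"


def routers_on_path(pkt: Packet):
    """Routers the packet crosses, in the direction it travels."""
    i, j = ZONES.index(zone(pkt.src)), ZONES.index(zone(pkt.dst))
    lo, hi = sorted((i, j))
    crossed = range(lo, hi) if i < j else reversed(range(lo, hi))
    return [ROUTERS[b] for b in crossed]


def screened_subnet_verdict(pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (verdict, router that denied it).  Every router on the path
    must allow the packet; the first denial stops it."""
    for name, rules in routers_on_path(pkt):
        if evaluate(rules, pkt) == "deny":
            return "deny", name
    return "allow", None


if __name__ == "__main__":
    # Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 stand in for the Internet.
    samples = [
        Packet("203.0.113.5", "192.0.2.10", 443),   # Internet -> bastion web service
        Packet("203.0.113.5", "10.0.5.25", 25),     # Internet -> internal mail, directly
        Packet("192.0.2.10", "10.0.5.25", 25),      # bastion -> internal mail relay
        Packet("192.0.2.10", "10.0.0.7", 22),       # bastion -> arbitrary LAN host
        Packet("10.0.0.7", "198.51.100.1", 443),    # internal -> Internet web
    ]
    for p in samples:
        print(p, "->", screened_subnet_verdict(p))
```

The second and fourth sample packets are the point of the architecture: a direct Internet-to-LAN packet dies at the exterior router before it ever touches the DMZ, and a packet sourced from the bastion itself is still confined by the interior router to the single service the policy publishes inward.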
The following were incorrect answers:
The other types of firewall mentioned in the options do not utilize two packet filtering routers and a bastion host.
Reference:
CISA Review Manual 2014, page 346