A company is redesigning a customer portal. Internet users must reach only the web tier, the application tier must be reachable only from the web tier, and the database must be reachable only from the application tier. Administrators should manage servers from a dedicated jump host. Which design best meets these requirements?
This design separates the exposure of each tier and limits traffic to the minimum necessary paths. The web servers can face the internet in a DMZ, while the application and database tiers remain progressively more restricted. ACLs and a jump host also enforce controlled administrative access and reduce direct management exposure.
Why this answer
Option B correctly implements a layered security architecture by placing web servers in a DMZ (accessible from the internet), application servers in an internal subnet (accessible only from the DMZ), and databases in a restricted trust zone (accessible only from the application tier). Administration is restricted to a dedicated jump host, enforcing strict network segmentation and least-privilege access control via ACLs.
Exam trap
The trap here is that candidates may think host firewalls alone are sufficient for segmentation, ignoring that VLANs and network ACLs are required to prevent lateral movement and enforce tier-to-tier access restrictions at the network layer.
How to eliminate wrong answers
Option A is wrong because placing all servers on a single VLAN with host firewalls violates the requirement for network segmentation; host firewalls can be misconfigured or bypassed, and a single VLAN allows lateral movement between tiers if any host is compromised. Option C is wrong because placing database servers in the DMZ exposes them directly to the internet, contradicting the requirement that the database be reachable only from the application tier and creating a severe security risk.
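The three designs discussed above can be written as zone-to-zone ACLs and audited against the question's requirements. This is an added example, not part of the original question; the zone names, port numbers and rule sets are constructed assumptions, and the flat single-VLAN design is modeled as one permit-any rule because nothing at the network layer filters traffic between hosts.

```python
# Added illustration: zones, ports and rules are constructed, not taken from a real device.
ANY = "*"
ZONES = ["internet", "web", "app", "db", "jump"]

# Flows the question requires (source zone, destination zone); everything else must be denied.
REQUIRED = {("internet", "web"), ("web", "app"), ("app", "db"),
            ("jump", "web"), ("jump", "app"), ("jump", "db")}

# Option B: DMZ web tier, internal app tier, restricted database zone, jump host for admin.
SEGMENTED = [  # (src, dst, port, action); first match wins, implicit deny at the end
    ("internet", "web", 443, "permit"),
    ("web", "app", 8443, "permit"),
    ("app", "db", 5432, "permit"),
    ("jump", "web", 22, "permit"),
    ("jump", "app", 22, "permit"),
    ("jump", "db", 22, "permit"),
]
# Option A: single VLAN, so no network-layer rule separates the tiers.
FLAT = [(ANY, ANY, ANY, "permit")]
# Option C: database placed in the DMZ, so it is exposed to the internet.
DB_IN_DMZ = SEGMENTED + [("internet", "db", 5432, "permit")]

def allowed(rules, src, dst, port):
    """Evaluate one flow against an ordered rule list with default deny."""
    for r_src, r_dst, r_port, action in rules:
        if r_src in (ANY, src) and r_dst in (ANY, dst) and r_port in (ANY, port):
            return action == "permit"
    return False

def reachable_pairs(rules, ports):
    """Every zone pair that can communicate on at least one of the tested ports."""
    return {(s, d) for s in ZONES for d in ZONES
            if s != d and any(allowed(rules, s, d, p) for p in ports)}

def audit(rules, ports=(22, 443, 8443, 5432)):
    """Compare actual reachability with the required flows."""
    actual = reachable_pairs(rules, ports)
    return {"missing": sorted(REQUIRED - actual),   # required paths that are blocked
            "excess": sorted(actual - REQUIRED)}    # paths open beyond the requirement

if __name__ == "__main__":
    for name, rules in [("segmented", SEGMENTED), ("flat", FLAT), ("db in DMZ", DB_IN_DMZ)]:
        print(name, audit(rules))
```

An empty "excess" list is the property the segmented design provides: no tier can reach another except along the paths the requirements name.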