CompTIA CASP+ Practice Test 2025 - Free CASP+ Practice Questions and Study Guide

The tri-interface firewall with a DMZ (Demilitarized Zone) offers the most robust protection for a bank's online banking system due to its architecture, which segregates traffic and enhances security.

In this setup, the tri-interface firewall typically includes one interface connected to the internal network, another to the external network (the internet), and a third interface managing a DMZ. The DMZ serves as a buffer zone between the internal network and external network, allowing public-facing services, such as online banking applications or web servers, to operate while protecting the internal network from direct exposure to the internet.

This design allows for enhanced security because it minimizes the risk of attacks originating from the internet reaching the internal network. Traffic can be strictly monitored as it passes between the external interface and the DMZ, and additional layers of security measures, such as intrusion detection and prevention systems, can be applied specifically to the DMZ. Moreover, if a web server in the DMZ is compromised, the attacker is still separated from accessing the internal network, thereby protecting sensitive data and resources.

The other options, such as a single or dual interface firewall, do not provide the same level of segmentation and protection as a tri-interface setup with a DMZ. A filterless