DMZ stands for Demilitarized Zone. Which statement best describes its purpose?

DMZ creates a buffer zone between the untrusted Internet and the trusted internal network by placing publicly accessible services on a separate network segment. This arrangement allows external users to reach those services—like a web or mail server—without exposing the internal network directly. Traffic from the Internet to the internal network is blocked or heavily restricted, and even traffic from the DMZ to internal systems is tightly controlled. This description matches the statement that a DMZ isolates external connections to publicly accessible services while shielding the internal network. The other descriptions miss the essential buffering role: a private network with no Internet exposure isn’t designed to host publicly reachable services; a firewall rule set inside the internal network isn’t the DMZ concept; and encrypting all internal traffic is about encryption, not about creating a separate, moderated zone.