Which statement implements a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports?

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

Which statement implements a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports?

Explanation:
A DMZ is a separate network zone placed between the Internet and the internal network to host only services that must be publicly accessible, with strict controls on what can reach the internal environment. The statement describing implementing a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports captures exactly how a DMZ works: you expose only the necessary services from the DMZ, and firewall rules ensure that only approved protocols and ports can be used to reach those services, preventing direct access to the cardholder data environment. This minimizes risk because even if a public-facing service is compromised, attackers can’t directly reach internal systems. The other options describe related traffic controls without specifying the DMZ’s role in hosting publicly accessible services and enforcing tight inbound access at the DMZ boundary.

