An administrator is building a web server to host an online banking application. The server should not have access to the internal network, and only ports that are used by the application should be opened. Which of the following MUST be implemented to meet the business requirements?

The requirement is to ensure that the web server hosting the online banking application does not have access to the internal network, while also allowing only the necessary ports to remain open for the application's operation. Implementing a company firewall to block all ports that are not used by the application is essential. This ensures that only the ports required for the web server, such as those for HTTP or HTTPS traffic, are accessible from the outside, while securing the server from unwanted access attempts and potential attacks.

By configuring the firewall in this way, the administrator is effectively controlling the traffic that flows to and from the server, aligning with the need to isolate the server from the internal network. It creates an additional layer of protection by not only restricting access to the specific application ports but also by ensuring that the server remains segregated from the internal network, thus minimizing the risk of unauthorized access to critical internal resources.

The other options do not effectively meet the core requirements: adding the server to the internal network (the first option) directly contradicts the need for isolation; using an ISA server (the second option) as a solution is more about proxy services rather than directly blocking access; and utilizing a VPN (the third option) does not inherently block ports but rather creates a