A
A DMZ isolates public-facing servers between two firewalls. A compromised DMZ server can't reach the internal network directly because the second firewall stands between them.
DMZ servers should have no direct access to internal servers. Database servers should be on the internal network, not the DMZ. The DMZ is a sacrificial zone — hardened but expected to be attacked.