Which of the following network design elements allows for many internal devices to share one public IP
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple
devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to
conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP
address to the home network’s router. When Computer X logs on to the Internet, the router assigns the client a
port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address.
If Computer Z logs on to the Internet at the same time, the router assigns it the same local IP address with a
different port number. Although both computers are sharing the same public IP address and accessing the
Internet at the same time, the router knows exactly which computer to send specific packets to because each
computer has a unique internal address.
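
The translation table described above, as an added example that is not part of the original page. It is simplified: real PAT devices also key on protocol and destination and expire idle entries. The class name, addresses and port range are constructed for illustration.

```python
from typing import Optional, Tuple

PUBLIC_IP = "203.0.113.10"  # constructed: documentation-range address


class PatTable:
    """Minimal PAT translation table for a single public IP (illustrative)."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40009):
        self.public_ip = public_ip
        self._free = list(range(first_port, last_port + 1))  # unused public ports
        self._out = {}  # (internal_ip, internal_port) -> public_port
        self._in = {}   # public_port -> (internal_ip, internal_port)

    def outbound(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Rewrite the source of an outgoing packet, reusing any existing mapping."""
        key = (src_ip, src_port)
        if key not in self._out:
            if not self._free:
                raise RuntimeError("PAT port pool exhausted")
            port = self._free.pop(0)
            self._out[key] = port
            self._in[port] = key
        return (self.public_ip, self._out[key])

    def inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to its internal host; None means no mapping, so drop."""
        return self._in.get(dst_port)


def demo():
    """Computers X and Z use the same source port behind one public IP."""
    pat = PatTable(PUBLIC_IP)
    x = pat.outbound("192.168.1.10", 51000)  # Computer X (constructed address)
    z = pat.outbound("192.168.1.11", 51000)  # Computer Z (constructed address)
    return pat, x, z


if __name__ == "__main__":
    pat, x, z = demo()
    print("X leaves as", x, "and Z leaves as", z)
    print("reply to port", z[1], "goes to", pat.inbound(z[1]))
    print("unsolicited packet to port 40005:", pat.inbound(40005))
```

The same table is what lets an investigator tie a public IP and port seen in an external log back to one internal host, which is why PAT devices are usually configured to log their translations.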
A: Destination network address translation (DNAT) is a technique for transparently changing the destination IP
address of an en route packet and performing the inverse function for any replies. Any router situated between
two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service
located in a private network on a publicly accessible IP address. This use of DNAT is also called port
forwarding. DNAT does not allow for many internal devices to share one public IP address.
C: DNS (Domain Name System) is a service used to translate hostnames or URLs to IP addresses. DNS does
not allow for many internal devices to share one public IP address.
D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s
external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add
an additional layer of security to an organization’s local area network (LAN); an external network node only has
direct access to equipment in the DMZ, rather than any other part of the network. A DMZ does not allow for
many internal devices to share one public IP address.