PrepAway - Latest Free Exam Questions & Answers

What is the default mode for an interface in the Trust zone?


A. NAT

B. route

C. Layer 2

D. Layer 3

E. transparent

Explanation:
Interfaces can operate in three different modes: Network Address Translation (NAT), Route, and Transparent. If an interface bound to a Layer 3 zone has an IP address, you can define the operational mode for that interface as either NAT or Route. An interface bound to a Layer 2 zone (such as the predefined v1-trust, v1-untrust, and v1-dmz zones, or a user-defined Layer 2 zone) must be in Transparent mode. You select an operational mode when you configure an interface.
When an ingress interface is in Network Address Translation (NAT) mode, the NetScreen device, acting like a Layer 3 switch (or router), translates two components in the header of an outgoing IP packet destined for the Untrust zone: its source IP address and source port number. The NetScreen device replaces the source IP address of the originating host with the IP address of the Untrust zone interface. It also replaces the source port number with another random port number generated by the NetScreen device. Remember that an interface residing in the Trust zone is in NAT mode by default.
When an interface is in Route mode, the NetScreen device routes traffic between different zones without performing source NAT (NAT-src); that is, the source address and port number in the IP packet header remain unchanged as the packet traverses the NetScreen device.

