PrepAway - Latest Free Exam Questions & Answers

Which two forms of address translation could have generated the output shown?

Review the exhibit. Which two forms of address translation could have generated the output shown?

PrepAway - Latest Free Exam Questions & Answers

A.
MIP

B.
Interface-based translation

C.
NAT-src with a DIP, fixed-port enabled

D.
NAT-src with a DIP, fixed-port disabled

Explanation:
MIP
– A MIP is a mapping of one IP address to another IP address. You define one address in the same subnet as an interface IP address. The other address belongs to the host to which you want to direct traffic. Address translation for a MIP behaves bidirectionally, so that the NetScreen device translates the destination IP address in all traffic coming to a MIP to the host IP address and source IP address in all traffic originating from the host IP address to the MIP address. MIPs do not support port mapping. Interface-based – When an ingress interface is in Network Address Translation (NAT) mode, the NetScreen device, acting like a Layer 3 switch (or router), translates two components in the header of an outgoing IP packet destined for the Untrust zone: its source IP address and source port number. The NetScreen device replaces the source IP address of the originating host with the IP address of the Untrust zone interface. Also, it replaces the source port number with another random port number generated by the NetScreen device.
(not appplicable in this scenario because port translation is not used) DIP – When performing source network address translation (NAT-src), the NetScreen device translates the original source IP address to a different address. The translated address can come from a dynamic IP (DIP) pool or from the egress interface of the NetScreen device. If the NetScreen device draws the translated address from a DIP pool, it can do so either arbitrarily or deterministically; that is, it can draw any address from the DIP pool at random, or it can consistently draw a specific address in relation to the original source IP address.
When applying source network address translation (NAT-src) with port address translation (PAT), the NetScreen device translates IP addresses and port numbers however the occasion can arise when you want to perform source network address translation (NAT-src) for the IP address but not port address translation (PAT) for the source port number. Perhaps a custom application requires a specific that the source port address be a specific number. Perhaps the target host requires that the source IP address and port address be certain numbers to uniquely identify the host. In such cases, you can define a policy instructing the NetScreen device to perform NAT-src without PAT.
(Fixed-Port Enabled)


Leave a Reply