Click the Exhibit button. User 1 will access Server 1 using IP address 10.2.1.1. You need to
ensure that return traffic is able to reach User 1 from Server 1. Referring to the exhibit,
which two configurations allow this communication (Choose two.)
A.
[edit security nat static] user@host# show rule-set server-nat { from zone [ untrust ]; rule
1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32; } } }
} }
B.
[edit security nat static] user@host# show rule-set server-nat { from zone [ junos-host
untrust ]; rule 1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix {
192.168.1.2/32; routing-instance vr-b; } } } } }
C. routing-instance vr-a; } } } } }
[edit security nat static] user@host# show rule-set server-nat { from zone untrust; rule 1 {
match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32;
D.
[edit security nat static] user@host# show rule-set in { from zone untrust; to zone cust-a;
rule overload { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } }
any one could explaine why C is an answer ?!
0
0
what is true answer?
0
0
I believe it’s “C”. The one which makes more sense to me
0
0
why B? and why C ?
0
0
and why he uses “from zone [ junos-host ” in B ?
0
0
C,D
C: to make static NAT for destination IP on VR-1 to allow traffic from User-1 to Server-1
D: to make Static Nat for source ip of user-1 to allow its source ip to be the ip of Ge-0/0/2.0 (192.1681.x/24) of VR-A to allow return traffic from Server-1 to user-1
0
0
C is the correct answer
0
0
Hey guys had you seen that questions require two answer (choose two!!!) OH my God.
Anyway why should be D, which is the egress interface here??? Ge-0/0/2.0 or Ge-0/0/3.0?
0
0
Hi,
“D” for sure not the option. If I am not wrong there is no option in Static NAT configuration to mention “to zone”; secondly, static nat cannot be used with interface. So option D is syntax issue.
I think, B & C are better options.
0
0
why option B if the VR of server 1 is A?
0
0
answer should be A & C because
C > as you want to communicate with server in VR.a
A > even if you dont specify VR, you can add instance Import or RIB-GRP to import A routes to untrust.
0
0
A – maybe with additional config
B – bullshit
C – correct 100%
D – bullshit
what are we left with, guys? AC
0
0
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.
I learned valid JN0-633 dumps here:
http://www.passleader.com/jn0-633.html (209Q VCE and PDF)
Recommend to you!
0
0
P.S.
You can download that 209Q dumps for free, here:
https://doc.co/Tek7cT
Good Luck!
0
0
ac
0
0