200-301 Question #776: Real Exam Question with Answer & Explanation

The correct answer is A: It can lead to overloaded resources on the router.. Using permit any in a NAT access list can indiscriminately translate all internal traffic, potentially overwhelming the router's resources by creating an excessive number of NAT translation entries.

Submitted by anna_se· Mar 5, 2026

Question

What is the danger of the permit any entry in a NAT access list?

Options

AIt can lead to overloaded resources on the router.
BIt can cause too many addresses to be assigned to the same interface.
CIt can disable the overload command.
DIt prevents the correct translation of IP addresses on the inside network.

Explanation

Using permit any in a NAT access list can indiscriminately translate all internal traffic, potentially overwhelming the router's resources by creating an excessive number of NAT translation entries.

Common mistakes.

B. NAT translates addresses, it doesn't assign too many addresses to an interface; the issue is with the number of translations or exhaustion of the translation pool.
C. permit any does not disable the overload command; rather, it expands the scope of addresses that will be subject to the overload function.
D. permit any actually ensures all IP addresses specified by the ACL are translated, so it would not prevent correct translation, but rather could lead to unwanted or resource-intensive translation.

Concept tested. NAT access list security and resource management

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/ipnat-cfg-nat-ovrld-fr.html

Topics

#NAT#ACLs#PAT#Resource Exhaustion

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions