CERTIFIED-IN-CYBERSECURITY Question #225: Real Exam Question with Answer & Explanation

Question

What is the problem when a NAT router uses a 192.168.x.x subnet and has an external IP of 192.168.1.40?

Options

• AThe upstream system may require the use of PAT if it is unable to properly process encapsulated
• B192.168.1.40 is a valid address for use in a private network according to RFC 1918
• CDouble NATing using the same IP range is possible but can cause complications
• D192.168.x.x is not publicly routable and is only used for private networks

Explanation

The problem with a NAT router using a 192.168.x.x subnet and having an external IP of 192.168.1.40 is that 192.168.x.x is not publicly routable and is only used for private networks (see ISC2 Study Guide, Module 1, under Internet Protocol IPv4 and IPv6). This means that any traffic originating from this subnet cannot reach the public Internet. For example, if a small business has a NAT router mistakenly configured with an external IP of 192.168.1.40, it would not be able to communicate with the public Internet because that IP address is reserved for private networks. In addition, using the same IP range for both private and public networks can lead to complications such as double NATing (see the ISC2 Study Guide, Module 3, under Network Design). Finally, the suggestion that the upstream system may require the use of PAT if it is unable to properly process encapsulated packets is also incorrect. While PAT can be used in some scenarios, it doesn't address the core issue of using a private IP range as an external IP in a NAT router.

No community discussion yet for this question.