nerdexam
(ISC)2

CISSP-ISSAP · Question #112

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose three.

The correct answer is A. It hides the internal IP addressing scheme. C. It is used to connect private networks to the public Internet. D. It shares public Internet addresses with a large number of internal. NAT translates private (internal) IP addresses to one or more public IP addresses before traffic leaves the network, which inherently hides the internal IP scheme (A) from outside observers - external hosts only see the public-facing address. It was specifically designed to conne

Infrastructure Security

Question

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose three.

Options

  • AIt hides the internal IP addressing scheme.
  • BIt protects network from the password guessing attacks.
  • CIt is used to connect private networks to the public Internet.
  • DIt shares public Internet addresses with a large number of internal

How the community answered

(39 responses)
  • A
    82% (32)
  • B
    18% (7)

Explanation

NAT translates private (internal) IP addresses to one or more public IP addresses before traffic leaves the network, which inherently hides the internal IP scheme (A) from outside observers - external hosts only see the public-facing address. It was specifically designed to connect private networks to the Internet (C) as a solution to IPv4 address exhaustion, and it does so by sharing a small pool of public IPs across many internal hosts (D) using port mapping (PAT/overloading).

Why B is wrong: NAT operates at the network layer and has no awareness of credentials or authentication mechanisms - it simply translates addresses. It cannot inspect or block password guessing (brute-force) attacks; that's the job of firewalls, IDS/IPS, or account lockout policies.

Memory tip: Think of NAT as a front-desk receptionist - they handle all outgoing/incoming mail using one office address (public IP), keeping internal desk numbers (private IPs) hidden from outsiders, and they serve many employees from one address. A receptionist can't stop someone from guessing your PIN - they just route the calls.

Topics

#NAT#IP translation#Network perimeter security#Private-public IP mapping

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice