Juniper
JN0-696 · Question #7
JN0-696 Question #7: Real Exam Question with Answer & Explanation
Sign in or unlock JN0-696 to reveal the answer and full explanation for question #7. The question stem and answer options stay visible for context.
Question
user@host> show configuration ... security { nat { destination { pool server { address 10.100.100.1/32 port 5555; } rule-set rule1 { from zone UNTRUST; rule 1 { match { destination-address 192.168.100.1/32; destination-port 5000; } then { destination-nat pool server; } } } } proxy-arp { interface ge-0/0/1.0 { address { 192.168.100.1/32; } } } } policies { from-zone UNTRUST to-zone TRUST { policy allow { match { source-address any; destination-address any; application [ junos-ping tcp-5000 ]; } then { permit; } } } } zones { security-zone TRUST { interfaces { ge-0/0/2.0 { host-inbound-traffic { protocols { all; } } } } } security-zone UNTRUST { interfaces { ge-0/0/1.0 { host-inbound-traffic { system-services { ping; } } } } } } } applications { application tcp-5000 { protocol tcp; destination-port 5000; } } Your customer is attempting to reach a new server that should be accessible publicly using 192.168.100.100 on TCP port 5000, and internally using 10.100.100.1 on TCP port 5555. You notice no sessions form when the customer attempts to access the server. Referring to the exhibit, what will resolve this problem?
Options
- AThere must be a TRUST-to-UNTRUST security policy to allow return traffic.
- BThe NAT pool server must use port 5000.
- CThe UNTRUST-to-TRUST security policy must allow port 5555.
- DThe NAT rule set rule1 must match on port 5555.
Unlock JN0-696 to see the answer
You've previewed enough free JN0-696 questions. Unlock JN0-696 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.