NETSEC-GENERALIST · Question #21
NETSEC-GENERALIST Question #21: Real Exam Question with Answer & Explanation
The correct answer is C: Source: Untrust (Any). In this DNAT setup, HTTP and SSH traffic are directed to specific servers in the DMZ. The configuration ensures precise policy rules align with the DNAT mapping. Rule C: Allows HTTP (web-browsing application) traffic from the Untrust zone to the DMZ. The NAT configuration maps th
Question
Refer to the exhibit. A network administrator is using DNAT to map two servers to one public IP address. Traffic will be directed to a specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic. Which two sets of Security policy rules will accomplish this configuration? (Choose two.)
Options
- ASource: Untrust (Any)
- BSource: Untrust (Any)
- CSource: Untrust (Any)
- DSource: Untrust (Any)
Explanation
In this DNAT setup, HTTP and SSH traffic are directed to specific servers in the DMZ. The configuration ensures precise policy rules align with the DNAT mapping. Rule C: Allows HTTP (web-browsing application) traffic from the Untrust zone to the DMZ. The NAT configuration maps this to Host A (10.1.1.100). Rule D: Allows SSH traffic from the Untrust zone to the DMZ. The NAT configuration maps this to Host B (10.1.1.101). This design segments and secures traffic while ensuring the correct mapping of applications to the servers. Both rules work in conjunction with the destination NAT policy to ensure seamless traffic flow and application-specific routing.
Topics
Community Discussion
No community discussion yet for this question.