PCNSE · Question #807
PCNSE Question #807: Real Exam Question with Answer & Explanation
The correct answer is B: Destination Zone DMZ, Destination IP address 10.10.10.1. When configuring a security policy for a destination NAT, the security policy should reference the real IP address (after NAT translation) and the destination zone (which in this case is the DMZ The destination IP address after NAT is 10.10.10.1 (as the NAT policy translates 2.2.
Question
An engineer configures a destination NAT policy to allow inbound access to an internal server in the DMZ. The NAT policy is configured with the following values: - Source zone: Outside and source IP address 1.2.2.2 - Destination zone: Outside and destination IP address 2.2.2.1 The destination NAT policy translates IP address 2.2.2.1 to the real IP address 10.10.10.1 in the DMZ zone. Which destination IP address and zone should the engineer use to configure the security policy?
Options
- ADestination Zone Outside. Destination IP address 2.2.2.1
- BDestination Zone DMZ, Destination IP address 10.10.10.1
- CDestination Zone DMZ, Destination IP address 2.2.2.1
- DDestination Zone Outside. Destination IP address 10.10.10.1
Explanation
When configuring a security policy for a destination NAT, the security policy should reference the real IP address (after NAT translation) and the destination zone (which in this case is the DMZ The destination IP address after NAT is 10.10.10.1 (as the NAT policy translates 2.2.2.1 to The destination zone is the DMZ zone, where the real server resides.
Topics
Community Discussion
No community discussion yet for this question.