Which of the following NAT types effectively exempts on…

Which of the following NAT types effectively exempts one or more addresses from translation? (Select the best
answer.)

Which of the following NAT types effectively exempts one or more addresses from translation? (Select the best
answer.)

A.
dynamic NAT

B.
dynamic PAT

C.
identity NAT

D.
static NAT

Explanation:
Identity Network Address Translation (NAT) is a NAT type that effectively exempts one or more addresses from
translation. With identity NAT, real addresses and mapped addresses are identical for a particular NAT rule.
For example, an identity rule might specify that a real address of 192.168.13.1 on the inside interface should be
translated to a mapped address of 192.168.13.1 on the outside interface. Because the real and mapped
addresses are identical in an identity NAT rule, any matching addresses effectively bypass NAT. A common
use for identity NAT is to exempt remote access virtual private network (VPN) client addresses from the NAT
rules applied to the VPN gateway interfaces.
Static NAT, dynamic NAT, and dynamic Port Address Translation (PAT) are not NAT types that effectively
exempt one or more addresses from translation. Static NAT provides a bidirectional translation between real
and mapped IP addresses. As the name implies, static NAT specifies a mapping between real and mapped
addresses that does not change over time. Static NAT rules typically define onetoone mappings of real and
mapped addresses. By contrast, dynamic NAT provides unidirectional mappings between one or more real
addresses and one or more mapped addresses. The addresses are mapped on a firstcome, firstserved basis,
and mappings can be initiated only by hosts with real addresses. Dynamic PAT provides mappings between
one or more real addresses and a single mapped address. With dynamic PAT, the source port of each real
address is used to identify the associated mapped port and address. Like dynamic NAT, dynamic PAT
mappings occur on a firstcome, firstserved basis and mappings can be initiated only by hosts with real
addresses.

Cisco: Information About NAT: Identity NAT



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Nicole

Nicole

22nd/Dec/2017 New 210-260 Exam Questions Updated:

QUESTION 175
What are the three layers of a hierarchical network design? (Choose three.)

A. core
B. access
C. server
D. user
E. internet
F. distribution

Answer: ABF

QUESTION 176
In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

A. gratuitous ARP
B. MAC flooding
C. MAC spoofing
D. DoS

Answer: B
Explanation:
Switch goes into fail-open mode, becomes a hub.

QUESTION 177
Refer to the exhibit. With which NTP server has the router synchronized?

A. 192.168.10.7
B. 108.61.73.243
C. 209.114.111.1
D. 204.2.134.164
E. 132.163.4.103
F. 241.199.164.101

Answer: A
Explanation:
Because you have to refer to our_master , which is only showing on 192.168.10.07. on the rest of them you nothing showing.
“our_master” term lists selected synchronization server at the beginning of the line.

QUESTION 178
What are two ways to protect eavesdropping when you perform device-management task? (Choose two)

A. use SNMPv2
B. use SSH connection
C. use SNMPv3
D. use in-band management
E. use out-band management

Answer: BC
Explanation:
These management plane protocols are encrypted.

QUESTION 179
Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

A. You can configure a single zone pair that allows bidirectional traffic flows from for any zone except the self-zone
B. You must configure two zone pairs, one for each direction
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone
D. You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

Answer: B
Explanation:
A single zone pair is NOT bidirectional, so you must have two pairs to cover both directions.

QUESTION 180
Which three ways does the RADIUS protocol differ from TACACS?? (Choose three)

A. RADIUS authenticates and authorizes simultaneously. Causing fewer packets to be transmitted
B. RADIUS encrypts only the password field in an authentication packets
C. RADIUS can encrypt the entire packet that is sent to the NAS
D. RADIUS uses UDP to communicate with the NAS
E. RADIUS uses TCP to communicate with the NAS
F. RADIUS support per-command authentication

Answer: ABD
Explanation:
TACACS+ encypts the entire body of the packet and supports per-command-authentication for greater granularity.

QUESTION 181
A data breach has occurred and your company database has been copied. Which security principle has been violated?

A. Confidentiality
B. Access
C. Control
D. Availability

Answer: A

QUESTION 182
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?

A. BPDU guard
B. portfast
C. EherCahannel guard
D. loop guard

Answer: A
Explanation:
The key here is the word ‘switch’. The entire switch goes into a blocked state, meaning that it can’t participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP.

More new 210-260 PDF Questions can be viewed at: (I have already uploaded some new PDF there!)

pat

pat

that was really helpful. I couldn’t understand what the difference was.