Click the Exhibit button. User 1 will access Server 1 using IP address 10.2.1.1. You need to
ensure that return traffic is able to reach User 1 from Server 1. Referring to the exhibit,
which two configurations allow this communication (Choose two.)
A.
[edit security nat static] user@host# show rule-set server-nat { from zone [ untrust ]; rule
1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32; } } }
} }
B.
[edit security nat static] user@host# show rule-set server-nat { from zone [ junos-host
untrust ]; rule 1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix {
192.168.1.2/32; routing-instance vr-b; } } } } }
C.
[edit security nat static] user@host# show rule-set server-nat { from zone untrust; rule 1 {
match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32;
routing-instance vr-a; } } } } }
D.
[edit security nat static] user@host# show rule-set in { from zone untrust; to zone cust-a;
rule overload { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } }
B and C
A and C
B is incorrect as server is in routing instance a
Ans A & C
AC
A is not correct, inet.0 has no route for Server 1 = Drop.
You would only need one static nat to achieve this, most likely this is not a “choose two” question.
Also B says from zone “junos-host untrust” so this question is probably just erroneous.
Tom,
your answers have been great help for me. thank you
Salute
ATTENTION!!! Exam Updated!!!
The Juniper JN0-633 exam End of Life (EOL) on July 1, 2017, now the new exam is JN0-634.
The newest JN0-634 dumps are available here FYI:
http://www.juniperbraindumps.com/category/juniper-junos-security-certification/jn0-634-dumps
Good Luck!!!