Chapter 17. Network Address Translation (NAT) Flashcards

1
Q
Which NAT section has the highest priority during rule evaluation?

A. NAT Rules Before

B. Auto NAT Rules

C. NAT Rules After

D. All of them have the same priority.

A

A. NAT Rules Before. A NAT policy editor categorizes NAT rules into three groups: NAT Rules Before, Auto NAT Rules, and NAT Rules After. In the CLI, you can find the rules under Section 1, Section 2, and Section 3, respectively. During evaluation, the threat defense begins with the rules under Section 1, which is basically NAT Rules Before in the GUI.

2
Q
After you deploy a new NAT policy, if a connection still uses a rule from the prior version of the NAT policy, how could you ensure that the threat defense will use the new policy?

A. Deploy the NAT policy one more time.

B. Make the NAT rule more specific.

C. Clear the current translation table.

D. All of these answers are correct.

A

C. Clearing the current translation table ensures that the threat defense will use the new policy.

3
Q
Which deployment mode supports NAT?

A. Firewall mode

B. Inline mode

C. Inline-tap mode

D. All of these answers are correct.

A

A. Firewall mode supports NAT. Any associated interfaces that participate in a NAT configuration have to be in a regular firewall mode—routed or transparent. A threat defense does not support NAT on IPS-only interface types, such as inline, inline-tap, and passive.

4
Q
Which command enables you to determine whether a connection matches a NAT rule and how many times it has matched?

A. show nat

B. show nat detail

C. show xlate detail

D. show conn detail

A

B. The show nat detail command enables you to determine whether a connection matches a NAT rule and how many times it has matched.
