JNCIA-SEC: Juniper Networks Certified Associate – Security (2021) — Question 18

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.
Which NAT type must be used to complete this project?

Answer options

• A. source NAT
• B. destination NAT
• C. static NAT
• D. hairpin NAT

Correct answer: C

Explanation

Static NAT is the correct choice because it allows a one-to-one mapping between a private IP address and a public IP address, enabling the webservers to maintain the same address for both external and internal communications. Source NAT is used to modify the source address of outbound packets, while destination NAT changes the destination address of incoming packets, neither of which fulfill the requirement for the webservers in this scenario. Hairpin NAT is used for scenarios where internal devices need to communicate with other internal devices using their public IPs, which is not applicable here.