JNCIA-SEC: Juniper Networks Certified Associate – Security (2021) — Question 36

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)

Answer options

• A. static NAT
• B. hairpin NAT
• C. destination NAT
• D. source NAT

Correct answer: C, D

Explanation

The correct answers are C and D because destination NAT is required to translate the incoming requests to the webservers, while source NAT is necessary to ensure that the outgoing traffic from the webservers appears to come from a different IP address. Options A and B are not applicable; static NAT does not serve the requirement of dynamic IP translation, and hairpin NAT is not relevant in this scenario as it pertains to local traffic routing.