CompTIA Security+ Question B-49

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port
B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port
C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080
D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

Answer: C

Explanation:
Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. In this case, the default HTTP port (80) is the global address to be translated, and port 8080 is the specific port on a local address.

Incorrect Options:

A: Dynamic PAT is not a valid type of PAT.

B: Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The question also states that the internal server is listening on port 8080.

D: The question states that the internal server is listening on port 8080.

Reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_staticpat.h tml