Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›300-410›Objectives›NAT and PAT
Objective 409.0

NAT and PAT

300-410 Practice Questions

Full Practice Test →All Objectives

300-410 NAT and PAT — Practice Questions

30 questions from this objective

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer is troubleshooting connectivity from a host inside a corporate network to a public web server. The host has IP 10.1.1.10/24, and the router's outside interface is 203.0.113.1/24. The engineer configured a dynamic NAT pool (203.0.113.10-203.0.113.20) and an access list permitting 10.1.1.0/24. However, traffic from the host fails. A 'show ip nat translations' reveals no translations. What is the most likely cause?

Question 3mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer is troubleshooting PAT (overload) on a Cisco router. The inside network uses 192.168.1.0/24, and the outside interface has IP 198.51.100.1. The engineer configured 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. Traffic from inside hosts works initially, but after a few minutes, new connections fail. 'Show ip nat translations' shows many entries with the same outside global IP but different ports. 'Show ip nat statistics' indicates that the number of translations is near 500. What is the most likely cause?

Question 4hardmultiple choice
Read the full NAT/PAT explanation →

An engineer configures static NAT on a router to map a public IP 203.0.113.5 to an internal server 10.0.0.5. The configuration includes 'ip nat inside source static 10.0.0.5 203.0.113.5'. The server is reachable from the outside, but the server cannot initiate connections to the outside network. 'Show ip nat translations' shows the static entry. What is the most likely cause?

Question 5hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer is troubleshooting NAT for a VoIP phone that uses SIP. The phone is at 192.168.2.10, and the router performs PAT to the outside interface 198.51.100.1. The phone can register with the SIP server, but calls fail after 30 seconds. The engineer notices that the SIP signaling includes the phone's private IP in the SDP body. What is the most likely cause?

Question 6mediummultiple choice
Study the full ACL explanation →

An engineer configures NAT on a router with 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. The inside hosts are 10.0.0.0/24, and the outside interface is 203.0.113.1. Traffic works for most hosts, but one host at 10.0.0.50 cannot access the internet. 'Show ip nat translations' shows no entry for this host. 'Show access-lists' shows ACL 1 permits 10.0.0.0 0.0.0.255. What is the most likely cause?

Question 7hardmultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting NAT for a VPN tunnel. The router has a static NAT rule 'ip nat inside source static 10.0.0.10 203.0.113.10' for a server. The VPN traffic from the remote site to 203.0.113.10 is being NATed to 10.0.0.10, but the return traffic from the server to the remote site is not being translated back. The engineer sees that the server sends packets with source 10.0.0.10 to the remote site's public IP. What should the engineer do to fix this?

Question 8mediummultiple choice
Study the full ACL explanation →

An engineer configures NAT overload on a router. The inside network uses 172.16.0.0/16, and the outside interface is 198.51.100.1. The engineer uses 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. ACL 1 permits 172.16.0.0 0.0.255.255. Traffic works, but the engineer notices that the router's CPU utilization is high, and 'show ip nat translations' shows thousands of entries. What is the most likely cause?

Question 9hardmultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting NAT for a web server that is reachable from the internet via a static NAT mapping 203.0.113.20 to 10.0.0.20. The server responds to HTTP requests, but the engineer cannot SSH to the server from the internet. 'Show ip nat translations' shows the static entry. The router's ACL on the outside interface permits TCP port 22 to 203.0.113.20. What is the most likely cause?

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

An engineer configures NAT on a router with 'ip nat inside source list 1 pool POOL overload' where POOL contains 203.0.113.1-203.0.113.5. The inside hosts are 10.0.0.0/24. Traffic works, but the engineer notices that some hosts are assigned the same public IP and port, causing conflicts. 'Show ip nat translations' shows entries with the same inside global IP and port for different inside local hosts. What is the most likely cause?

Question 11mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- ---

R1# show ip nat statistics

Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 45 Misses: 0 CEF Translated packets: 45, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 3 map-id 1 overload

[Id] ip nat inside source list ACL1 pool POOL1 overload

refcount 3

Based on this output, which statement is correct?

Question 12hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.0.2.10:5678 10.0.0.10:5678 198.51.100.20:80 198.51.100.20:80 --- 192.0.2.11 10.0.0.11 --- ---

R1# show ip nat statistics

Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 100 Misses: 0 CEF Translated packets: 100, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 3 map-id 1 overload

[Id] ip nat inside source list ACL1 pool POOL1 overload

refcount 3

Based on this output, what is the problem?

Question 13mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 203.0.113.5 203.0.113.5 --- 192.0.2.11 10.0.0.11 203.0.113.5 203.0.113.5

R1# show ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 20 Misses: 0 CEF Translated packets: 20, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 2 map-id 1

[Id] ip nat inside source list ACL1 pool POOL1

refcount 2

Based on this output, which statement is correct?

Question 14easymultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- ---

R1# show ip nat statistics

Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 5 Misses: 0 CEF Translated packets: 5, CEF Punted packets: 0 Expired translations: 0

Based on this output, which statement is correct?

Question 15hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global tcp 192.0.2.10:80 10.0.0.10:80 203.0.113.5:12345 203.0.113.5:12345 tcp 192.0.2.10:80 10.0.0.11:80 203.0.113.5:67890 203.0.113.5:67890

R1# show ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 2 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50 Misses: 0 CEF Translated packets: 50, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload

refcount 2

Based on this output, what is the problem?

Question 16mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- ---

R1# show ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 10 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 2 map-id 1

[Id] ip nat inside source list ACL1 pool POOL1

refcount 2

Based on this output, what is the problem?

Question 17hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- --- 192.0.2.13 10.0.0.13 --- --- --- 192.0.2.14 10.0.0.14 --- --- --- 192.0.2.15 10.0.0.15 --- --- --- 192.0.2.16 10.0.0.16 --- --- --- 192.0.2.17 10.0.0.17 --- --- --- 192.0.2.18 10.0.0.18 --- --- --- 192.0.2.19 10.0.0.19 --- --- --- 192.0.2.20 10.0.0.20 --- ---

R1# show ip nat statistics

Total active translations: 11 (0 static, 11 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 200 Misses: 0 CEF Translated packets: 200, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 11 map-id 1

[Id] ip nat inside source list ACL1 pool POOL1

refcount 11

Based on this output, what is the problem?

Question 18mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- ---

R1# show ip nat statistics

Total active translations: 1 (0 static, 1 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240

refcount 1 map-id 1

[Id] ip nat inside source list ACL1 pool POOL1

refcount 1

Based on this output, what is the problem?

Question 19easymultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:10000 10.0.0.10:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10001 10.0.0.11:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10002 10.0.0.12:10000 203.0.113.5:53 203.0.113.5:53

R1# show ip nat statistics

Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 150 Misses: 0 CEF Translated packets: 150, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source

[Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload

refcount 3

Based on this output, which statement is correct?

Question 20mediummultiple choice
Read the full NAT/PAT explanation →

Consider the following partial configuration on a Cisco IOS-XE router:

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

!

interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255

What is the effect of this configuration?

Question 21mediummultiple choice
Read the full NAT/PAT explanation →

Given this partial configuration:

ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 1 pool MYPOOL
access-list 1 permit 192.168.1.0 0.0.0.255

What is the effect?

Question 22mediummultiple choice
Read the full NAT/PAT explanation →

Examine this configuration:

interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside

!

interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip nat outside

!

ip nat inside source static tcp 10.0.0.10 80 198.51.100.10 8080 extendable

Which statement is true?

Question 23mediummultiple choice
Read the full NAT/PAT explanation →

What is the problem with this NAT configuration?

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

!

interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
Question 24mediummultiple choice
Read the full NAT/PAT explanation →

Given this configuration:

ip nat pool GLOBAL 203.0.113.1 203.0.113.10 prefix-length 28
ip nat inside source list 10 pool GLOBAL overload
access-list 10 permit 10.0.0.0 0.255.255.255

What is the effect?

Question 25mediummultiple choice
Read the full NAT/PAT explanation →

Consider this partial configuration:

ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255

!

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

!

interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside

!

interface GigabitEthernet0/2
 ip address 172.16.0.1 255.255.255.0
 ip nat inside

What is true about traffic from the 172.16.0.0/24 network?

Question 26easymultiple choice
Read the full NAT/PAT explanation →

What is the default timeout for NAT translation entries in Cisco IOS?

Question 27mediummultiple choice
Read the full NAT/PAT explanation →

Which TCP flag combination triggers the NAT translation timeout to change from the default to the 'ip nat translation tcp-timeout' value?

Question 28mediummultiple choice
Read the full NAT/PAT explanation →

According to RFC 2663, what is the term for the process of translating both the source and destination IP addresses in a packet?

Question 29mediummulti select
Read the full NAT/PAT explanation →

Which TWO commands would a network engineer use to verify NAT translations and their statistics on a Cisco IOS router? (Choose TWO.)

Question 30mediummulti select
Read the full NAT/PAT explanation →

Which TWO statements about NAT overload (PAT) are true? (Choose TWO.)

Question 31mediummulti select
Read the full NAT/PAT explanation →

Which TWO configuration steps are required to implement static NAT on a Cisco IOS router? (Choose TWO.)

More NAT and PAT questions available in the full practice test.

Continue Practising →
←

Previous objective

DHCP (IPv4 and IPv6)

All 300-410 Objectives

  • 100.Layer 3 Technologies35%
  • 101.EIGRP Troubleshooting
  • 102.OSPF Troubleshooting (v2/v3)
  • 103.BGP Troubleshooting
  • 104.Route Redistribution
  • 105.Policy-Based Routing (PBR)
  • 106.VRF-Lite
  • 107.Route Maps and Route Filtering
  • 108.Administrative Distance
  • 109.Route Summarization
  • 110.Bidirectional Forwarding Detection (BFD)
  • 200.VPN Technologies20%
  • 201.MPLS Operations
  • 202.MPLS L3VPN
  • 203.DMVPN
  • 204.IPsec Site-to-Site VPN
  • 205.IPv6 Tunneling Techniques
  • 300.Infrastructure Security20%
  • 301.Device Access Control
  • 302.IPv4 Access Control Lists
  • 303.IPv6 Traffic Filtering and uRPF
  • 304.Control Plane Policing (CoPP)
  • 305.IPv6 First Hop Security
  • 400.Infrastructure Services25%
  • 401.Device Management
  • 402.SNMP Troubleshooting
  • 403.Network Logging and Syslog
  • 404.Embedded Event Manager (EEM)
  • 405.IP SLA
  • 406.NetFlow and Flexible NetFlow
  • 407.SPAN, RSPAN, and ERSPAN
  • 408.DHCP (IPv4 and IPv6)
  • 409.NAT and PAT