Question 734 of 1,819
Network Services and SecuritymediumMultiple ChoiceObjective-mapped

Quick Answer

The answer is PAT overload, which is the correct feature because it allows multiple inside hosts from the 192.168.10.0/24 network to share a single public IP address by differentiating each session through unique Layer 4 port numbers. When the edge router translates both the private source IP and the source port to the public IP and a distinct port, it can track and return traffic to the correct internal host—this is the core mechanism of Port Address Translation. On the CCNA 200-301 v2 exam, this concept tests your understanding of how NAT conserves public IPv4 addresses, often appearing in a scenario where you must distinguish PAT from static NAT or dynamic NAT without overload. A common trap is confusing PAT with basic dynamic NAT, but remember: if only one public IP serves many private hosts, it must be PAT. Memory tip: think of PAT as “port-address tagging”—each internal conversation gets a unique port tag on the same public address, like many apartments in one building sharing a single street address but having different unit numbers.

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: pAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

show run | section nat
ip nat inside source list 10 interface g0/0 overload
access-list 10 permit 192.168.10.0 0.0.0.255

Exhibit: An administrator wants inside hosts in 192.168.10.0/24 to reach the internet using one public IP address on the edge router. Which feature is being used?

Question 1mediummultiple choice
Review the full routing breakdown →

Exhibit

show run | section nat
ip nat inside source list 10 interface g0/0 overload
access-list 10 permit 192.168.10.0 0.0.0.255

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

PAT overload

When many inside private addresses share one public address and are differentiated by Layer 4 port numbers, the router is using PAT. Cisco documentation often calls this NAT overload.

Key principle: PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Static NAT

    Why it's wrong here

    Static NAT maps one inside address to one outside address.

    When this WOULD be correct

    In a scenario where the question states that a specific internal host needs to be consistently reachable from the internet using a fixed public IP, Static NAT would be the correct answer. For example, if the question specified that a web server with IP 192.168.10.10 should always be accessible via the public IP 203.0.113.5, Static NAT would apply.

  • Policy-based routing

    Why it's wrong here

    That changes forwarding decisions, not address translation.

    When this WOULD be correct

    If the question were framed to ask about directing specific types of traffic from the 192.168.10.0/24 network based on criteria such as source IP or application type, then policy-based routing would be the correct answer. For example, 'An administrator wants to route HTTP traffic from 192.168.10.0/24 through a different gateway than other traffic.'

  • PAT overload

    Why this is correct

    The overload keyword indicates PAT using one outside interface address.

    Related concept

    PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.

  • Port security

    Why it's wrong here

    Port security applies on switch ports, not this router NAT function.

    When this WOULD be correct

    If the question were about securing a network by limiting the number of devices that can connect to a switch port, or if it asked how to prevent unauthorized devices from accessing the network, then port security would be the correct answer.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

PAT overloadCorrect answer

Why this is correct

The overload keyword indicates PAT using one outside interface address.

Static NATWrong answer — click to see why

Why this is wrong here

Static NAT requires a one-to-one mapping between an inside local address and an inside global address, which would consume multiple public IPs if multiple hosts need internet access. It does not allow multiple inside hosts to share a single public IP.

★ When this WOULD be the correct answer

In a scenario where the question states that a specific internal host needs to be consistently reachable from the internet using a fixed public IP, Static NAT would be the correct answer. For example, if the question specified that a web server with IP 192.168.10.10 should always be accessible via the public IP 203.0.113.5, Static NAT would apply.

Why candidates choose this

Students may confuse static NAT with dynamic NAT or PAT because all involve address translation, but static NAT is typically used for servers that need consistent public addresses, not for many hosts sharing one IP.

Policy-based routingWrong answer — click to see why

Why this is wrong here

Policy-based routing (PBR) is used to override the routing table based on policies (e.g., source/destination IP, protocol), not to perform address translation. It does not modify IP addresses or enable multiple hosts to share a single public IP.

★ When this WOULD be the correct answer

If the question were framed to ask about directing specific types of traffic from the 192.168.10.0/24 network based on criteria such as source IP or application type, then policy-based routing would be the correct answer. For example, 'An administrator wants to route HTTP traffic from 192.168.10.0/24 through a different gateway than other traffic.'

Why candidates choose this

The term 'policy' might lead students to think it involves some form of access control or translation, but PBR is purely a routing mechanism, not a NAT feature.

Port securityWrong answer — click to see why

Why this is wrong here

Port security is a switchport security feature that restricts MAC addresses allowed on a port to prevent unauthorized access. It does not perform IP address translation or enable internet access for multiple hosts.

★ When this WOULD be the correct answer

If the question were about securing a network by limiting the number of devices that can connect to a switch port, or if it asked how to prevent unauthorized devices from accessing the network, then port security would be the correct answer.

Why candidates choose this

The word 'port' in port security might be confused with the port numbers used in PAT, but port security deals with physical switch ports and MAC addresses, not TCP/UDP port translation.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Be careful not to confuse the different types of NAT. Remember, PAT is specifically for sharing one public IP among many devices using port numbers.

Detailed technical explanation

How to think about this question

Port Address Translation (PAT), often called NAT overload in Cisco terminology, is a form of Network Address Translation that enables multiple devices on a private network to access external networks using a single public IP address. PAT works by translating the private IP addresses and their source ports into the public IP address and unique port numbers, allowing the router to keep track of each session individually. This method conserves public IP addresses and is widely used in IPv4 networks where public addresses are scarce. In Cisco routers, PAT is configured by applying NAT with the 'overload' keyword on the outside interface. This tells the router to translate multiple inside local addresses to the single inside global address (the public IP) by assigning different source port numbers. When inside hosts initiate connections to the internet, the router modifies the source IP and port, and when responses return, it uses the port number to correctly forward packets back to the originating host. This dynamic translation is essential for enabling many hosts in a private subnet like 192.168.10.0/24 to share one public IP. A common exam trap is confusing PAT overload with static NAT or policy-based routing. Static NAT maps one private IP to one public IP, which cannot support multiple hosts sharing one IP. Policy-based routing influences packet forwarding paths but does not perform address translation. Port security is a Layer 2 feature unrelated to NAT. Understanding these distinctions helps avoid selecting incorrect answers and ensures proper NAT configuration for internet access in Cisco environments.

KKey Concepts to Remember

  • PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.
  • Cisco NAT overload is a common term for PAT, where the router uses one outside interface IP address with multiple port numbers to translate many inside hosts.
  • Static NAT creates a one-to-one mapping between a private IP address and a public IP address, which does not support multiple hosts sharing a single public IP.
  • Policy-based routing changes packet forwarding decisions based on policies but does not perform IP address translation or NAT functions.
  • Port security restricts MAC addresses on switch ports to prevent unauthorized access and is unrelated to NAT or IP address translation on routers.
  • PAT overload is essential for conserving public IPv4 addresses by enabling many inside hosts to access the internet using a single public IP.
  • The router uses the 'overload' keyword in NAT configuration to enable PAT, allowing multiple simultaneous translations with unique port numbers.
  • Understanding the difference between static NAT and PAT overload is critical for correctly configuring internet access for multiple inside hosts.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.

Real-world example

How this comes up in practice

A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.

What to study next

Got this wrong? Here's your next step.

Review pAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Network Services and Security — This question tests Network Services and Security — PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers..

What is the correct answer to this question?

The correct answer is: PAT overload — When many inside private addresses share one public address and are differentiated by Layer 4 port numbers, the router is using PAT. Cisco documentation often calls this NAT overload.

What should I do if I get this 200-301 question wrong?

Review pAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

PAT (Port Address Translation) allows multiple inside private IP addresses to share a single public IP address by differentiating sessions using Layer 4 port numbers.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.