Which of the following can you use to hide the IP addresses of hosts on an internal network when transmitting packets to an external network, such as the Internet?
Correct Answer: D
Explanation/Reference:
Section: Considerations for Expanding an Existing Network
You can use Network Address Translation (NAT) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network, such as the Internet. NAT is used to translate private IP addresses to public IP addresses. Private-to-public address translation enables hosts on a privately addressed internal network to communicate with hosts on a public network, such as the Internet. Typically, internal networks use private IP addresses, which are not globally routable. In order to enable communication with hosts on the Internet, which use public IP addresses, NAT translates the private IP addresses to a public IP address. Port Address Translation (PAT) can further refine what type of communication is allowed between an externally facing resource and an internally facing resource by designating the port numbers to be used during communication. PAT can create multiple unique connections between the same external and internal resources.
You cannot use a demilitarized zone (DMZ) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. A DMZ is a network segment that is used as a boundary between an internal network and an external network, such as the Internet. A DMZ network segment is typically used with an access control method to permit external users to access specific externally facing servers, such as web servers and proxy servers, without providing access to the rest of the internal network. This helps limit the attack surface of a network.
You cannot use Wi-Fi Protected Access (WPA) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. WPA is a wireless standard that is used to encrypt data transmitted over a wireless network. WPA was designed to address weaknesses in Wired Equivalent Privacy (WEP) by using a more advanced encryption method called Temporal Key Integrity Protocol (TKIP). TKIP provides 128-bit encryption, key hashing, and message integrity checks. TKIP can be configured to change keys dynamically, which increases wireless network security.
You cannot use an access control list (ACL) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. ACLs are used to control packet flow across a network. They can either permit or deny packets based on source network, destination network, protocol, or destination port. Each ACL can only be applied to a single protocol per interface and per direction. Multiple ACLs can be combined to implement more complex packet-flow control throughout an organization. For example, you could use an ACL on a router to restrict a specific type of traffic, such as Telnet sessions, from passing through a corporate network.
Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, NAT, pp. 300-302