How can NAT/PAT complicate network security monitoring if NetFlow is being used?

  • It changes the source and destination MAC addresses.
  • It conceals the contents of a packet by encrypting the data payload.
  • It disguises the application initiated by a user by manipulating port numbers.
  • It hides internal IP addresses by allowing them to share one or a few outside IP addresses.

Explanation & Hint:

NAT/PAT maps multiple internal IP addresses with only a single or a few outside IP addresses breaking end-to-end flows. The result makes it difficult to log the inside device that is requesting and receiving the traffic. This is especially a problem with a NetFlow application because NetFlow flows are unidirectional and are defined by the addresses and ports that they share.

For more Questions and Answers:

CyberOps Associate (200-201) Certification Practice Exam Answers Full 100%