ACMP_6.4 Exam Questions

Total 172 Questions

Last Updated Exam : 16-Dec-2024

Topic 2: Firewall Roles and Policies
2-1 - Policy Design

ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user any any permit
host 10.1.1.1 host 10.2.2.2 any deny

A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25

Based on the above Mobility Controller configuration file segment, what will this policy do with the user frame?


A.

The frame is discarded because of the implicit deny all at the end of the policy.


B.

The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.


C.

The frame is accepted because of the statement: user any any permit.


D.

The frame is accepted because of the statement: user network 10.1.1.0 255.255.255.0 any permit.


E.

This is not a valid policy.





C.
  

The frame is accepted because of the statement: user any any permit.



Refer to the following configuration segment for this item.

netdestination "internal"
no invert
network 172.16.43.0 255.255.255.0 position 1
range 172.16.11.0 172.16.11.16 position 2
!
ip access-list session "My-Policy"
alias "user" alias "internal" service_any permit queue low

A user frame is evaluated against this firewall policy with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80

Referring to the above file segment, how will the frame be handled by this firewall policy?


A.

The frame will be dropped because of the implicit deny all at the end of the
netdestination definition.


B.

The frame will be dropped because of the implicit deny all at the end of the firewall
policy.


C.

The frame will be forwarded because of the implicit permit all at the end of the firewall
policy.


D.

The frame will be passed because there is no service specified in the firewall policy.


E.

The frame will be dropped because there is no service specified in the firewall policy.





B.
  

The frame will be dropped because of the implicit deny all at the end of the firewall
policy.



Which statements describe "roles" as used on Aruba Mobility Controllers? (Choose two)


A.

Roles are assigned to users.


B.

Roles are applied to interfaces.


C.

Policies are built from roles.


D.

A user can belong to only one role at a time.


E.

Roles are a set of authentication rules.





A.
  

Roles are assigned to users.



D.
  

A user can belong to only one role at a time.



When creating a firewall rule what are valid choices for the Service/Application field?
(Choose three)


A.

Applications


B.

Applications Category


C.

Internet Protocol


D.

Internet Category


E.

Protocol





A.
  

Applications



B.
  

Applications Category



E.
  

Protocol



What are valid methods of blacklisting a device? (Choose three)


A.

Manually


B.

Firewall Rule


C.

Firewall Policy


D.

Authentication Failures


E.

Data Rate Thresholds





A.
  

Manually



B.
  

Firewall Rule



D.
  

Authentication Failures



What is the blacklist default time?


A.

30 seconds


B.

1800 seconds


C.

3600 seconds


D.

No default time, it must be done manually


E.

1 day





C.
  

3600 seconds



What are aliases used for?


A.

improve controller performance


B.

simplify the configuration process


C.

tie IP addresses to ports


D.

assign rules to policies


E.

assign policies to roles





B.
  

simplify the configuration process



Which of the following firewall rules allows a user to initiate an ICMP session to other
devices? (Choose two)


A.

localip any svc-icmp permit


B.

user any svc-icmp permit


C.

user user svc-icmp permit


D.

any any svc-icmp permit


E.

mswitch any svc-icmp permit





B.
  

user any svc-icmp permit



D.
  

any any svc-icmp permit



Refer to the following configuration segment for this item.

ip access-list session anewone
user network 172.16.1.0 255.255.255.0 any permit
user host 172.16.1.1 any deny
user any any permit

An administrator wants users to have access to all destinations except 172.16.1.1. Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose two)


A.

The rule user host 172.16.1.1 any deny is redundant because of the implicit deny all at
the end.


B.

The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.


C.

The two rules user network 172.16.1.0 255.255.255.0 any permit and user host
172.16.1.1 any deny need to be re-sequenced.


D.

The last statement user any any permit is not required.


E.

The last statement should be any any any deny.





B.
  

The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.



C.
  

The two rules user network 172.16.1.0 255.255.255.0 any permit and user host
172.16.1.1 any deny need to be re-sequenced.



Which of the following could be used to set a user's post-authentication role or VLAN
association? (Choose two)


A.

AAA default role for authentication method


B.

Server Derivation Rule


C.

Vendor Specific Attributes


D.

AP Derivation Rule


E.

The Global AAA profile





B.
  

Server Derivation Rule



C.
  

Vendor Specific Attributes



