Topic 2: Firewall Roles and Policies
2-1 - Policy Design
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user any any permit
host 10.1.1.1 host 10.2.2.2 any deny
A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25
Based on the above Mobility Controller configuration file segment, what will this policy do with the user frame?
A. The frame is discarded because of the implicit deny all at the end of the policy.
B. The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.
C. The frame is accepted because of the statement: user any any permit.
D. The frame is accepted because of the statement: user network 10.1.1.0 255.255.255.0 any permit.
E. This is not a valid policy.
The frame is accepted because of the statement: user any any permit.
Refer to the following configuration segment for this item.
netdestination "internal"
no invert
network 172.16.43.0 255.255.255.0 position 1
range 172.16.11.0 172.16.11.16 position 2
!
ip access-list session "My-Policy"
alias "user" alias "internal" service_any permit queue low
A user frame is evaluated against this firewall policy with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80
Referring to the above file segment, how will the frame be handled by this firewall policy?
A. The frame will be dropped because of the implicit deny all at the end of the netdestination definition.
B. The frame will be dropped because of the implicit deny all at the end of the firewall policy.
C. The frame will be forwarded because of the implicit permit all at the end of the firewall policy.
D. The frame will be passed because there is no service specified in the firewall policy.
E. The frame will be dropped because there is no service specified in the firewall policy.
The frame will be dropped because of the implicit deny all at the end of the firewall policy.
Which describe "roles" as used on Aruba Mobility Controllers? (Choose two)
A. Roles are assigned to users.
B. Roles are applied to interfaces.
C. Policies are built from roles.
D. A user can belong to only one role at a time.
E. Roles are a set of authentication rules.
Roles are assigned to users.
A user can belong to only one role at a time.
When creating a firewall rule, what are valid choices for the Service/Application field? (Choose three)
A. Applications
B. Applications Category
C. Internet Protocol
D. Internet Category
E. Protocol
Applications
Applications Category
Protocol
What are valid methods of blacklisting a device? (Choose three)
A. Manually
B. Firewall Rule
C. Firewall Policy
D. Authentication Failures
E. Data Rate Thresholds
Manually
Firewall Rule
Authentication Failures
What is the blacklist default time?
A. 30 seconds
B. 1800 seconds
C. 3600 seconds
D. No default time, it must be done manually
E. 1 day
3600 seconds
What are aliases used for?
A. improve controller performance
B. simplify the configuration process
C. tie IP addresses to ports
D. assign rules to policies
E. assign policies to roles
simplify the configuration process
Which of the following firewall rules allows a user to initiate an ICMP session to other devices? (Choose two)
A. localip any svc-icmp permit
B. user any svc-icmp permit
C. user user svc-icmp permit
D. any any svc-icmp permit
E. mswitch any svc-icmp permit
user any svc-icmp permit
any any svc-icmp permit
Refer to the following configuration segment for this item.
ip access-list session anewone
user network 172.16.1.0 255.255.255.0 any permit
user host 172.16.1.1 any deny
user any any permit
An administrator wants users to have access to all destinations except 172.16.1.1. Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose two)
A. The rule user host 172.16.1.1 any deny is redundant because of the implicit deny all at the end.
B. The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.
C. The two rules user network 172.16.1.0 255.255.255.0 any permit and user host 172.16.1.1 any deny need to be re-sequenced.
D. The last statement user any any permit is not required.
E. The last statement should be any any any deny
The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.
The two rules user network 172.16.1.0 255.255.255.0 any permit and user host 172.16.1.1 any deny need to be re-sequenced.
Which of the following could be used to set a user's post-authentication role or VLAN association? (Choose two)
A. AAA default role for authentication method
B. Server Derivation Rule
C. Vendor Specific Attributes
D. AP Derivation Rule
E. The Global AAA profile
Server Derivation Rule
Vendor Specific Attributes