HPE Aruba Certified Mobility Associate (ACMA) — Question 15
Scenario:
An architect proposes these products for a customer who wants a wireless and wired upgrade:
- Aruba 2930M switches at the access layer
- Aruba 5406R switches at the core
- Aruba AP-325s
- Aruba 7205 Mobility Controllers (MCs), deployed in a cluster
- Aruba Mobility Master (MM)
- Aruba ClearPass Cx000V
- Aruba AirWave
The architect also needs to propose a security plan for the solution. The customer has 900 employees and up to 30 guests a day. The customer wants to protect the internal perimeter of the network with authentication and simple access controls. The customer is most concerned about wireless security, but also wants to ensure that only trusted users connect on the wire. However, the customer also wants all wired traffic to be forwarded locally on access layer switches. The customer already has a third-party firewall that protects the data center.
The customer wants to use certificates to authenticate user devices, but is concerned about the complexity of deploying the solution. The architect should recommend a way to simplify. For the most part, users connect company-issued laptops to the network. However, users can bring their own devices and connect them to the network. The customer does not know how many devices each user will connect, but expects about two or three per user. DHCP logs indicate that the network supports a maximum of 2800 devices.
Refer to the provided scenario.
Which solution should the architect recommend on the 2930M switches to authenticate and control wired employee devices?
Answer options
- A. MAC-Auth on edge ports and no tunneled node
- B. 802.1X on edge ports and per-user tunneled node
- C. 802.1X on edge ports and no tunneled node
- D. MAC-Auth on edge ports and per-user tunneled node
Correct answer: A
Explanation
The correct answer is A, as using MAC Authentication on edge ports with no tunneled node simplifies the deployment for the customer concerned about complexity. Options B and C introduce 802.1X, which can be more complex to implement, particularly with certificates, while option D complicates the setup with per-user tunneled nodes, which is not necessary given the customer's requirements.