HPE Aruba Certified Design Expert (ACDX) — Question 28

A network administrator creates the role employees and adds this rule to it: user any any permit
The first several wireless clients assigned to the employees role are assigned IP addresses in the 10.10.10.0/24 subnet. Several other wireless clients with the employees role are then assigned IP addresses in the 10.10.20.0/24.
When the Aruba firewall matches traffic from these clients to the user any any permit rule, what does it do?

Answer options

• A. It permits traffic from wireless clients in both the 10.10.10.0/24 and 10.10.20.0/24 subnet as long as the packet has a source IP.
• B. It permits the traffic from wireless clients in the 10.10.20.0/24 subnet, but drops the traffic from wireless clients in the 10.10.10.0/24 subnet.
• C. It drops traffic from wireless clients in both the 10.10.10.0/24 and 10.10.20.0/24 subnet.
• D. It permits the traffic from wireless clients in the 10.10.10.0/24 subnet, but drops the traffic from wireless clients in the 10.10.20.0/24 subnet.

Correct answer: A

Explanation

The correct answer is A because the rule 'user any any permit' allows all traffic from users, which includes clients from both subnets as long as they have a source IP. Option B is incorrect as it wrongly states that traffic from the 10.10.10.0/24 subnet is dropped. Option C is incorrect because it suggests that all traffic is discarded, which contradicts the permit rule. Option D is also wrong since it implies that traffic from the 10.20.0/24 subnet is dropped, which is not the case.