HPE Aruba Certified Design Expert (ACDX) — Question 29

A network administrator configures an Aruba Mobility Master (MM)-based solution to provide wireless access to employees. The solution must meet these criteria:
✑ Authenticate users to a network RADIUS server
✑ Enforce different Aruba firewall rules based on the user department
How can the administrator meet these criteria in the simplest way?

Answer options

• A. Create a different WLAN and SSID for each department. Apply different firewall policies to each WLAN.
• B. Have the RADIUS server send different roles for users in different departments. Apply role-based firewall policies.
• C. Create multiple zones on the MM. Assign different departments are sets of firewall policies to different zones.
• D. Have the RADIUS server assign users in different departments to different VLANs. Apply firewall policies based on IP ranges.

Correct answer: B

Explanation

The correct answer is B because having the RADIUS server send different roles allows for dynamic policy application based on the user's department, which is efficient and simplifies management. Option A would require multiple SSIDs, complicating the setup, while C introduces unnecessary complexity with zones, and D's VLAN-based approach could complicate firewall management without providing the necessary role-based granularity.