HPE Aruba Certified Network Security Expert (ACNSX) — Question 11

An administrator is implementing a downloadable user role solution involving AOS-CX switches. The AAA solution and the AOS-CX switches can successfully authenticate users; however, the role information fails to download to the switches. What policy should be added to an intermediate firewall to allow the downloadable role function to succeed?

Answer options

• A. Allow TCP 443
• B. Allow UDP 1811
• C. Allow UDP 8211
• D. Allow TCP 22

Correct answer: A

Explanation

The correct answer is A, Allow TCP 443, because this port is used for secure communications, which is essential for downloading role information. The other options do not facilitate the secure transmission required for role downloading; UDP 1811 and 8211 are not standard ports for this purpose, and TCP 22 is typically used for SSH, not role downloads.