HPE Aruba Certified Network Security Expert (ACNSX) — Question 111

What is correct regarding the configuration of ACLs on AOS-CX switches?

Answer options

• A. Statements with the log keyword are always processed by the switch CPU.
• B. Standard ACLs are used to match on routes when performing route distribution.
• C. Wildcard masks are used to match on a range of IP addresses.
• D. Numbers 100 through 199 and 2000 through 2999 are used when creating extended ACLs.

Correct answer: A

Explanation

The correct answer is A because statements with the log keyword require processing by the switch's CPU to generate log messages. Option B is incorrect as standard ACLs do not match routes; they filter traffic based on source IP. Option C is misleading since wildcard masks do not match a range of IP addresses directly but rather specify which bits of an IP address to consider. Option D is wrong because the specified number ranges apply to extended ACLs, but only extended ACLs can use different ranges.