HPE Aruba Certified Network Security Expert (ACNSX) — Question 49

Examine the following ACL rule policies:
✑ Permit traffic from 10.2.2.1 through 10.2.2.30 to anywhere
✑ Permit traffic from 10.2.2.40 through 10.2.2.55 to anywhere
✑ Deny all others
Based on this policy, place the following ACL rule statements in the correct order to accomplish the above filtering policy.

Answer options

• A. deny ip 10.2.2.31 255.255.255.255 any permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.0 255.255.255.192 any
• B. permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any deny ip 10.2.2.31 255.255.255.255 any deny ip 10.2.2.32 255.255.255.224 any
• C. deny ip 10.2.2.31 255.255.255.255 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any
• D. deny ip 10.2.2.31 255.255.255.255 any permit ip 10.2.2.40 255.255.255.248 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any

Correct answer: A

Explanation

The correct answer, A, begins by denying traffic from IPs that fall between the two permitted ranges, then allows traffic from the specified ranges and finally permits the broader range. Options B and C incorrectly position the deny statements before the permits, which would not achieve the desired filtering. Option D also misplaces the deny command, which would block necessary traffic before allowing the permitted traffic.