Which match condition can be used by a server derivation rule? (Choose two)
A. greater than
B. less than
C. inverse of
D. contains
E. equals
What are the types of user derivation rules that can be applied to a user? (Choose two)
A. SSID
B. MAC
C. VLAN
D. Role
E. AP
Which is a Device Specific Attribute that can be evaluated in a user derivation rule?
A. user login name
B. authentication server
C. location by AP Name
D. controller Loopback address
E. controller IP
Which of these are NOT a client attribute that can be configured in user derivation rules?
A. MAC address
B. DHCP option value
C. BSSID
D. Filter ID
E. encryption
ip access-list session anewone user network 10.1.1.0 255.255.255.0 any permit user host 10.1.1.1 any deny user any any permit
Referring to the above portion of a Mobility Controller configuration file, what can you conclude? (Choose two)
A. This is a session firewall policy.
B. This is an extended Access Control List (ACL).
C. Any traffic going to destination 10.1.1.1 will be denied.
D. Any traffic going to destination 10.2.2.2 will be denied.
E. Any traffic going to destination 172.16.100.100 will be permitted.
ip access-list session anewone user network 10.1.1.0 255.255.255.0 any permit user any any permit host 10.1.1.1 host 10.2.2.2 any deny
A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25
Based on the above Mobility Controller configuration file segment, what will this policy do with the user frame?
A. The frame is discarded because of the implicit deny all at the end of the policy.
B. The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.
C. The frame is accepted because of the statement: user any any permit.
D. The frame is accepted because of the statement: user network 10.1.1.0 255.255.255.0 any permit.
E. This is not a valid policy.
Refer to the following configuration segment for this item.
netdestination "internal" no invert network 172.16.43.0 255.255.255.0 position 1 range 172.16.11.0 172.16.11.16 position 2 ! ip access-list session "My-Policy" alias "user" alias "internal" service_any permit queue low !
A user frame is evaluated against this firewall policy with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80
Referring to the above file segment, how will the frame be handled by this firewall policy?
A. The frame will be dropped because of the implicit deny all at the end of the netdestination definition.
B. The frame will be dropped because of the implicit deny all at the end of the firewall policy.
C. The frame will be forwarded because of the implicit permit all at the end of the firewall policy.
D. The frame will be passed because there is no service specified in the firewall policy.
E. The frame will be dropped because there is no service specified in the firewall policy.
Refer to the following configuration segment for this item.
ip access-list session anewone user network 172.16.1.0 255.255.255.0 any permit user host 172.16.1.1 any deny user any any permit
An administrator wants users to have access to all destinations except 172.16.1.1. Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose two)
A. The rule user host 172.16.1.1 any deny is redundant because of the implicit deny all at the end.
B. The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.
C. The two rules user network 172.16.1.0 255.255.255.0 any permit and user host 172.16.1.1 any deny need to be re-sequenced.
D. The last statement user any any permit is not required
E. The last statement should be any any any deny
Review the following truncated output from an Aruba controller for this item. (example) #show rights logon access-list List Position Name Location 1 logon-control
2 captiveportal logon-control Priority Source Destination Service Action
captiveportal
Priority Source Destination Service Action
1 user controller svc-https dst-nat 8081 2 user any svc-http dst-nat 8080 3 user any svc-https dst-nat 8081 4 user any svc-http-proxy1 dst-nat 8088 5 user any svc-http-proxy2 dst-nat 8088 6 user any svc-http-proxy3 dst-nat 8088
Based on the above output from an Aruba controller, an unauthenticated user assigned to the logon role attempts to start an http session to IP address 172.16.43.170.
What will happen?
A. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http dst-nat 8080
B. the user's traffic will be passed to the IP address because of the policy statement: user any svc-https dst-nat 8081
C. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http-proxy1 dst-nat 8088
D. the user will not reach the IP address because of the policy statement: user any svc-http dst-nat 8080
E. the user will not reach the IP address because of the implicit deny any any at the end of the policy.
The network administrator wishes to terminate the VPN encryption on the Aruba controller.
When writing a firewall rule to accomplish the task of automatically moving the VPN traffic for the wireless clients from a third party VPN concentrator to an Aruba controller, which action needs to be configured in the rule?
A. redirect to IPSec Group
B. source NAT
C. destination NAT
D. redirect to tunnel
E. redirect to GRE
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only HP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACMP_6.3 exam preparations and HP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.