ACSP - Aruba Certified Switching Professional Access Control Lists (ACLs) Questions and Answers

Question 1

A network administrator applies an ACL to filter traffic.
The ACL contains two access control entries (ACEs): `10 permit tcp 10.1.10.5 host 192.168.1.100 eq 80` and `20 deny ip 10.1.10.0/24 any`.
A user at 10.1.10.5 reports they cannot access a web server at 192.168.1.100.
What is the most likely reason for this issue?

Accepted Answer

The ACL is missing a rule to permit the return traffic from the web server.

Answer

The ACL is applied in the outbound direction on the client's interface.

Answer

The switch is processing the ACE with sequence number 20 before sequence number 10.

Answer

An implicit deny rule at the end of the ACL is blocking the traffic.

Question 2

What is the default, final action for any packet that does not match any of the configured entries in an ArubaOS-CX access control list?

Accepted Answer

Deny

Answer

Forward

Answer

Log

Answer

Remark

Question 3

An administrator has created a MAC ACL named `IOT-SECURITY` to restrict device access on a specific port. Which of the following commands correctly applies this ACL to interface 1/1/5 for inbound traffic?

Accepted Answer

interface 1/1/5; apply access-list mac IOT-SECURITY in

Answer

interface 1/1/5; apply access-list IOT-SECURITY in

Answer

vlan 1; apply access-list mac IOT-SECURITY in

Answer

interface 1/1/5; apply access-list mac IOT-SECURITY routed-in

Question 4

An administrator is creating an extended IPv4 ACL on an ArubaOS-CX switch to filter traffic between subnets. Which of the following criteria can be used in an ACE for this type of ACL?

Accepted Answer

Destination TCP/UDP port number

Answer

Source MAC address

Answer

LLDP MED type

Answer

CoS priority value

Question 5

An administrator configures two ACEs in an ACL: `20 deny tcp any any eq 22` and `10 permit ip 10.50.0.0/16 any`. A user on host 10.50.1.10 attempts to SSH to a server. The connection fails. What is the reason for this failure?

Accepted Answer

The deny rule has a lower sequence number and is processed first.

Answer

The deny rule has a higher sequence number and is processed last.

Answer

The permit rule should specify the TCP protocol instead of IP.

Answer

The ACL is stateful and blocks the return SSH traffic.

Question 6

A network security policy requires that traffic between VLANs be filtered. Specifically, devices in the 'Users' VLAN (VLAN 10) should be blocked from accessing any services on the 'Servers' VLAN (VLAN 20), but servers should be able to initiate connections to users. Where should the ACL be applied to be most efficient?

Accepted Answer

On the VLAN 10 interface (SVI) in the inbound direction.

Answer

On VLAN 20 in the outbound direction.

Answer

On all physical ports belonging to VLAN 10.

Answer

On the control plane of the switch.