Refer to the exhibits.
Exhibit 1 -
Exhibit 2 -
A company has an Aruba solution. Client 1 is assigned to the users1 role, and Client 2 is assigned to the users2 role. The exhibits show current firewall rules for those roles. The network1 alias used to be 10.1.1.0/24, but the network administrator now changes the network1 alias to 172.16.1.0/24. Client 1 and Client 2 both then send a packet destined to 172.16.1.10.
How does the firewall handle these packets?
In the provided exhibits, Client 1 is assigned to the users1 role, and Client 2 to the users2 role. The users1 role has a rule that denies all traffic to 172.16.0.0/16, and since 172.16.1.10 falls within this range, the packet from Client 1 would be denied. The users2 role lacks an explicit rule that matches the 172.16.1.0/24 network, so the implicit deny all rule at the end of the ACL would apply, resulting in the packet from Client 2 also being denied. Therefore, the firewall denies both packets.
. Aruba Forum "implicit deny all is apply at the bottom of the user role policy list." https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=5286 Answer is D .
Correct answer is A. In first ACL there is a deny to that subnet, in second ACL the implicit deny any any match the packet