HPE6-A70 Exam Questions

HPE6-A70 Exam - Question 1


A network administrator creates the role employees and adds this rule to it: user any any permit

The first several wireless clients assigned to the employees role are assigned IP addresses in the 10.10.10.0/24 subnet. Several other wireless clients with the employees role are then assigned IP addresses in the 10.10.20.0/24.

When the Aruba firewall matches traffic from these clients to the user any any permit rule, what does it do?

Correct Answer: A

The rule 'user any any permit' has four parts: the source is the 'user' alias, which stands for the IP address assigned to the client; the destination is any IP; the service or port is any; and the action is permit. Since the clients within both the 10.10.10.0/24 and 10.10.20.0/24 subnets are assigned to the 'employees' role, they match the 'user' condition in the rule. Consequently, the firewall permits traffic from wireless clients in both subnets as long as there is a source IP assigned to them.
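A simplified model of the rule match described above, added here as an illustration (it is not ArubaOS code and not part of the original page). The client names, sample addresses, the "employees-static" contrast role and the final deny for unmatched traffic are assumptions of the model.

```python
import ipaddress

# Constructed sample data: client name -> (assigned IP, role).
CLIENTS = {
    "laptop-1": ("10.10.10.15", "employees"),
    "laptop-2": ("10.10.20.31", "employees"),
}

# Ordered rules per role: (source, destination, service, action).
# "employees-static" is a hypothetical role added only for contrast:
# it hard-codes one subnet instead of using the 'user' alias.
ROLES = {
    "employees": [("user", "any", "any", "permit")],
    "employees-static": [("10.10.10.0/24", "any", "any", "permit")],
}


def source_matches(spec, assigned_ip, pkt_src):
    """'user' resolves to the IP assigned to the client being evaluated."""
    src = ipaddress.ip_address(pkt_src)
    if spec == "any":
        return True
    if spec == "user":
        return src == ipaddress.ip_address(assigned_ip)
    return src in ipaddress.ip_network(spec)


def evaluate(client, pkt_src, pkt_dst, service, role=None):
    """Return the action of the first rule that matches the packet."""
    assigned_ip, client_role = CLIENTS[client]
    for src, dst, svc, action in ROLES[role or client_role]:
        if (source_matches(src, assigned_ip, pkt_src)
                and dst in ("any", pkt_dst)
                and svc in ("any", service)):
            return action
    return "deny"  # assumption of this model: unmatched traffic is dropped


if __name__ == "__main__":
    for name, (ip, _) in CLIENTS.items():
        print(name, ip, evaluate(name, ip, "192.0.2.10", "tcp/443"))
```

Because 'user' is resolved per client, the one rule covers both subnets; the subnet-bound contrast rule would stop matching as soon as clients land in 10.10.20.0/24.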

Discussion

2 comments
hujinki Option: A
Feb 21, 2023

Per ArubaOS 8.7.1.0 user guide, this firewall rule is made of 4 components:

- user = source IP
- any = destination IP
- any = destination service / port
- permit = action

"The alias user in a policy automatically applies to the IP address assigned to a particular user" (P.483). In the question, the clients of both subnets are assigned the employees role. So the same rule applies. The question is not fully clear, as the administrator "adds this rule". Is there a default rule in a new role?

Peter_Birtles Option: A
Dec 4, 2023

Both source addresses are assigned via employee roles, the rest is any, any, so A is the answer.