Aruba ACMP_6.4 Aruba Certified Mobility Professional 6.4 Online Training
Aruba ACMP_6.4 Online Training
The questions for ACMP_6.4 were last updated at Feb 05,2025.
- Exam Code: ACMP_6.4
- Exam Name: Aruba Certified Mobility Professional 6.4
- Certification Provider: Aruba
- Latest update: Feb 05,2025
The Aruba Policy Enforcement Firewall (PEF) module supports source network address translation (srcnat).
Which is a use of this statement in an Aruba configuration?
- A . provide a single source IP address for users in a role
- B . redirect Captive Portal HTTP sessions
- C . redirect Access Points to another Aruba controller
- D . provide IP addresses to clients
- E . redirects clients to Aruba Firewall
Review the following truncated output from an Aruba controller for this item.
(example) #show rights logon
access-list List
—————-
Position Name Location
——– —- ——–
1 logon-control
2 captiveportal
logon-control
————-
Priority Source Destination Service Action
——– —— ———– ——- ——
1 user any udp 68 deny
2 any any svc-icmp permit
3 any any svc-dns permit
4 any any svc-dhcp permit
5 any any svc-natt permit
captiveportal
————-
Priority Source Destination Service Action
——– —— ———– ——- ——
1 user controller svc-https dst-nat 8081
2 user any svc-http dst-nat 8080
3 user any svc-https dst-nat 8081
4 user any svc-http-proxy1 dst-nat 8088
5 user any svc-http-proxy2 dst-nat 8088
6 user any svc-http-proxy3 dst-nat 8088
Based on the above output from an Aruba controller, an unauthenticated user assigned to the logon role attempts to start an http session to IP address 172.16.43.170.
What will happen?
- A . the user’s traffic will be passed to the IP address because of the policy statement: user any svc-http dst-nat 8080
- B . the user’s traffic will be passed to the IP address because of the policy statement: user any svc-https dst-nat 8081
- C . the user’s traffic will be passed to the IP address because of the policy statement: user any svc-httpproxy1 dst-nat 8088
- D . the user will not reach the IP address because of the policy statement: user any svc-http dst-nat 8080
- E . the user will not reach the IP address because of the implicit deny any any at the end of the policy.
Refer to the following configuration segment for this item.
ip access-list session anewone
user network 172.16.1.0 255.255.255.0 any permit
user host 172.16.1.1 any deny
user any any permit
An administrator wants users to have access to all destinations except 172.16.1.1. Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose two)
- A . The rule user host 172.16.1.1 any deny is redundant because of the implicit deny all at the end.
- B . The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.
- C . The two rules user network 172.16.1.0 255.255.255.0 any permit and user host 172.16.1.1 any deny need to be re-sequenced.
- D . The last statement user any any permit is not required
- E . The last statement should be any any any deny
Refer to the following configuration segment for this item.
netdestination "internal"
no invert
network 172.16.43.0 255.255.255.0 position 1
range 172.16.11.0 172.16.11.16 position 2
!
ip access-list session "My-Policy"
alias "user" alias "internal" service_any permit queue low
!
A user frame is evaluated against this firewall policy with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80
Referring to the above file segment, how will the frame be handled by this firewall policy?
- A . The frame will be dropped because of the implicit deny all at the end of the netdestination definition.
- B . The frame will be dropped because of the implicit deny all at the end of the firewall policy.
- C . The frame will be forwarded because of the implicit permit all at the end of the firewall policy.
- D . The frame will be passed because there is no service specified in the firewall policy.
- E . The frame will be dropped because there is no service specified in the firewall policy.
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user any any permit
host 10.1.1.1 host 10.2.2.2 any deny
A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25
Based on the above Mobility Controller configuration file segment, what will this policy do with the user frame?
- A . The frame is discarded because of the implicit deny all at the end of the policy.
- B . The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.
- C . The frame is accepted because of the statement: user any any permit.
- D . The frame is accepted because of the statement: user network 10.1.1.0 255.255.255.0 any permit.
- E . This is not a valid policy.
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user host 10.1.1.1 any deny
user any any permit
Referring to the above portion of a Mobility Controller configuration file, what can you conclude? (Choose two)
- A . This is a session firewall policy.
- B . This is an extended Access Control List (ACL).
- C . Any traffic going to destination 10.1.1.1 will be denied.
- D . Any traffic going to destination 10.2.2.2 will be denied.
- E . Any traffic going to destination 172.16.100.100 will be permitted.
The screen captures above show the 802.1X authentication profile and AAA profile settings for a VAP.
If machine authentication fails and user authentication passes, which role will be assigned?
- A . employee
- B . guest
- C . denyall
- D . logon
- E . no role is assigned
The screen captures above show the 802.1X authentication profile and AAA profile settings for a VAP.
If machine authentication passes and user authentication fails, which role will be assigned?
- A . employee
- B . denyall
- C . guest
- D . logon
- E . no role is assigned
The screen captures above show the 802.1X authentication profile and AAA profile settings for a VAP.
If machine authentication fails and user authentication fails, which role will be assigned?
- A . employee
- B . guest
- C . Captive Portal
- D . Logon
- E . no role will be assigned
What can NOT be configured from the Aruba controller configuration wizards?
- A . Controller IP
- B . Boot Partition
- C . User firewall policy.
- D . User derivation rules.
- E . Radius Servers
Latest ACMP_6.4 Dumps Valid Version with 173 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
