HP Exam HPE7-A02 Topic 3 Question 8 Discussion

Actual exam question for HP's HPE7-A02 exam

Question #: 8
Topic #: 3

[All HPE7-A02 Questions]

A port-access role for AOS-CX switches has this policy applied to it:

plaintext

Copy code

port-access policy mypolicy

10 class ip zoneC action drop

20 class ip zoneA action drop

100 class ip zoneB

The classes have this configuration:

plaintext

Copy code

class ip zoneC

10 match tcp 10.2.0.0/16 eq https

class ip zoneA

10 match ip any 10.1.0.0/16

class ip zoneB

10 match ip any 10.0.0.0/8

The company wants to permit clients in this role to access 10.2.12.0/24 with HTTPS. What should you do?

AAdd this rule to zoneC: 5 match any 10.2.12.0/24 eq https

BAdd this rule to zoneA: 5 ignore tcp any 10.2.12.0/24 eq https

CAdd this rule to zoneB: 5 match tcp any 10.2.12.0/24 eq https

DAdd this rule to zoneC: 5 ignore tcp any 10.2.12.0/24 eq https

Show Suggested Answer

Suggested Answer: A

Comprehensive Detailed Explanation

The requirement is to permit HTTPS traffic from clients to the 10.2.12.0/24 subnet.

ZoneC is configured to drop all HTTPS traffic to the 10.2.0.0/16 subnet. Therefore, the first match in the zoneC class (priority 10) will drop the desired traffic.

To override this behavior, you must add a higher-priority rule (lower rule number) to zoneC that explicitly matches 10.2.12.0/24 and permits the traffic.

Thus, adding the rule 5 match any 10.2.12.0/24 eq https to zoneC ensures the desired traffic is permitted while maintaining the drop behavior for the rest of 10.2.0.0/16.

Reference

AOS-CX Role-Based Access Control documentation.

Understanding class priority and policy rule ordering in AOS-CX.

by Louann at Mar 24, 2025, 05:28 PM

Limited Time Offer

25%

Off

Get Premium HPE7-A02 Questions as Interactive Web-Based Practice Test or PDF