HPE6-A49 Question #43: Real Exam Question with Answer & Explanation

Case study A retailer needs a wireless and wired network upgrade, as well as an authentication and access control solution for a network that includes a main office with a three-floor building and six branch sites. The branch users all use resources at the main corporate office. Branch office employees will use wireless connections. At the main office, employees use wired and wireless connections. The customer wants the strongest authentication for employee wireless connections. It is also important that the MC role-based firewall can implement consistent access controls on employee connections no matter where the employees connect and no matter how they connect (wirelessly or, at the main site, wired). The customer also needs to provide complimentary wireless access for guests. Guest should be redirected to a portal, through which they can register and login. The customer would like two SSIDs, CompanyXEmployee and CompanyXGuest. The company wants to divide employees in two groups, managers and staff. In the corporate network, managers should only have access to Server Group Managers and staff should only have access to Server Group Staff. Each server group includes necessary services such as domain and DHCP, as well as servers that the employees access to do their jobs. All employees should also have access to the Internet. Guests should only have HTTP and HTTPS access, and only to the Internet. The customer has: - a maximum of 1000 employee devices - a maximum of 100 guest devices at the same time - 500 devices on wired ports at the main site, which will be supported by 12 new AOS-Switches (mostly employee laptops, as well as a few non- 802.1X capable printers, which should just communicate with print servers) The devices used by employees include 450 company-issued laptops, which the company wants to screen for security issues and violations of security policies. All authentications are assumed to be concurrent. To fulfill the requirements for the wireless network upgrade, the architect plans to propose: - 5 RAPs at each of 6 branch sites - 60 APs at the main site The architect will also propose an MM and ClearPass. The architect still needs to plan the Mobility Controllers (MCs). The customer requires high availability for wireless services and redundancy for the MCs. If a single MC fails, the network must continue to function without impact. If an MC fails, the customer must also receive a replacement component for the failed component by the next business day so that their IT staff can install it and get the network back to normal operation as soon as possible. Software upgrades must also be seamless, without the introduction of any downtime for wireless services, and the customer needs to be able to obtain the latest software over the lifetime of the solution for the next several years. What is a correct plan for firewall rules for the guest role? (The options describe the rules, but do not need to use correct command syntax.)