A network administrator assists with the migration of a WLAN from a third-party vendor to Aruba in different locations throughout the country. In order to manage the solution from a central point, the network administrator decides to deploy redundant Mobility Masters (MMs) in a datacenter that are reachable through the Internet.
Since not all locations own public IP addresses, the security team is not able to configure strict firewall policies at the datacenter without disrupting some MM to Mobility Controller (MC) communications. They are also concerned about exposing the MMs to unauthorized inbound connection attempts.
What should the network administrator do to ensure the solution is functional and secure?
A. Deploy an MC at the datacenter as a VPN concentrator.
B. Block all ports to the MMs except UDP 500 and 4500.
C. Install a PEFV license, and configure firewall policies that protect the MM.
D. Block all inbound connections, and instruct the MM to initiate the connection to the MCs.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
Correct Answer is B
Ports 4500 and 500 are essential for controller to controller communication , since other sites do not have static/available public IP , using VPN site to site by VPN concentrator is not an option here m question also states that both MMs are reachable on the internet already so blocking admin ports is essential
Answer A could have been correct if both MMs were not already accessible from the internet and other sites had public IPs
A
nope, you’re false.