Answer is D: - A wrong because ACL are not supported on SVI & ACL ID is not defined (only a policy with same ID) - B wrong because ACL are not supported on SVI and it sould be a deny on rule 10 - C wrong because ACL are not supported on SVI - D is ok

Answer is D.

Correct Answer D: Page 316 & 317 Study Guide: olicies can also be applied to a VLAN or an interface. The apply command is used, but in the interface or VLAN context. [Aruba Networks] Note: There are no implicit deny in policies. If you want to apply a policy on traffic, it must match a permit. [Aruba Networks]

I think is letter D

Selected Answer: D switch(config)# class ip VLAN5 switch(config-class-ip)# 10 match ip 10.1.6.0/24 10.1.5.0/24 switch(config-class-ip)# exit switch(config)# policy VLAN5 switch(config-policy)# 10 class ip VLAN5 action drop switch(config-policy)# exit switch(config)# vlan 5 switch(config-vlan-5)# apply policy VLAN5 in switch(config-vlan-5)# exit

switch(config-if-vlan)# apply access-list ip VLAN5 in Invalid input: in switch(config-if-vlan)# apply access-list ip VLAN5 routed-in Routed inbound (ingress) traffic routed-out Routed outbound (egress) traffic New AOS-CX does not accept under C.

for me it's D From study guide, an ACL cannot be applied to a SVI interface so it cannot be C

C is correct answer

i have to choose D A wrong, should apply policy, not access-list B wrong, should deny 10, not permit C looks right, but now in CX CLI, it should be routed-in, not in (tested with 8400) D is ok and tested with 8400 vlan 20 apply policy vlan20 in or interface vlan 20 apply access-list ip vlan20 routed-in