Ask Question
HP HPE7-A02 Practice Test - Questions Answers, Page 2
Add to Whishlist
List of questions
Question 11
You need to set up an HPE Aruba Networking VIA solution for a customer who needs to support 2100 remote employees. The customer wants employees to download their VIA connection profile from the VPNC. Only employees who authenticate with their domain credentials to HPE Aruba Networking ClearPass Policy
Manager (CPPM) should be able to download the profile. (A RADIUS server group for CPPM is already set up on the VPNC.)
How do you configure the VPNC to enforce that requirement?
Set up a VIA Authentication Profile that uses CPPM's server group; reference that profile in the VIA Web Authentication Profile.
Reference CPPM's server group in an AAA profile; then, apply that profile to the VPNC's Internet-facing ports.
Create a new VPN Authentication Profile and then reference CPPM's default server group in that profile.
Set up a VIA Authentication Profile that uses CPPM's server group; reference that profile in the VIA Connection Profile.
To configure the HPE Aruba Networking VIA solution for remote employees who need to download their VIA connection profile from the VPN Concentrator (VPNC) and ensure that only those who authenticate with their domain credentials through ClearPass Policy Manager (CPPM) can do so, you need to set up a VIA Authentication Profile. This profile should use the CPPM's RADIUS server group. Once the VIA Authentication Profile is created, you need to reference this profile in the VIA Web Authentication Profile. This configuration ensures that the authentication process requires employees to validate their credentials via CPPM before they can download the VIA connection profile.
Question 12
A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). You have identified a device, which is currently classified as one type, but you want to classify it as a custom type. You also want to classify all devices with similar attributes as this type, both already-discovered devices and new devices discovered later.
What should you do?
Create a user tag from the Generic Devices page, select the desired attributes for the tag, and save the tag.
In the device details, select reclassify, create a user rule based on its attributes, and choose 'Save & Reclassify.'
In the device details, select filter, create a user tag based on the device attributes, and save the tag.
Create a user rule from the Generic Devices page, select the desired attributes for the rule, and choose 'Save.'
When using HPE Aruba Networking ClearPass Device Insight (CPDI) and you need to reclassify a device to a custom type and apply this classification to all devices with similar attributes, both already discovered and newly discovered, you should follow these steps:
1. Navigate to the device details in CPDI.
2. Select the option to reclassify the device.
3. Create a user rule based on the desired attributes of the device.
4. Choose the 'Save & Reclassify' option.
This process ensures that the device is reclassified according to the new custom type and that the rule is applied to all existing and future devices with matching attributes, maintaining consistent classification across the network.
Question 13
You are deploying a virtual Data Collector for use with HPE Aruba Networking ClearPass Device Insight (CPDI). You have identified VLAN 101 in the data center as the VLAN to which the Data Collector should connect to receive its IP address and connect to HPE Aruba Networking Central.
Which Data Collector virtual ports should you tell the virtual admins to connect to VLAN 101?
The one with the lowest MAC address
The one with the highest port ID
The one with the highest MAC address
The one with the lowest port ID
When deploying a virtual Data Collector for HPE Aruba Networking ClearPass Device Insight (CPDI), it is essential to ensure that the correct virtual port is connected to the designated VLAN. In this case, VLAN 101 is used to receive the IP address and connect to Aruba Central. The best practice is to use the virtual port with the lowest port ID. This is typically the primary port used for management and network connectivity in virtual environments, ensuring proper network integration and communication.
Question 14
A company assigns a different block of VLAN IDs to each of its access layer AOS-CX switches. The switches run version 10.07. The IDs are used for standard purposes, such as for employees, VolP phones, and cameras. The company wants to apply 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM) and then steer clients to the correct VLANs for local forwarding.
What can you do to simplify setting up this solution?
Assign consistent names to VLANs of the same type across the AOS-CX switches and have user-roles reference names.
Use the trunk allowed VLAN setting to assign multiple VLAN IDs to the same role.
Change the VLAN IDs across the AOS-CX switches so that they are consistent.
Avoid configuring the VLAN in the role; use trunk VLANs to assign multiple VLANs to the port instead.
To simplify the setup of 802.1X authentication with HPE Aruba Networking ClearPass Policy Manager (CPPM) and ensure clients are steered to the correct VLANs for local forwarding, you should assign consistent names to VLANs of the same type across the AOS-CX switches and have user-roles reference these names. This approach allows for a more straightforward configuration and management process, as the user roles can apply consistent policies based on VLAN names rather than specific IDs. It also helps in maintaining clarity and reducing errors in VLAN assignments across different switches.
Question 15
A company lacks visibility into the many different types of user and loT devices deployed in its internal network, making it hard for the security team to address those devices.
Which HPE Aruba Networking solution should you recommend to resolve this issue?
HPE Aruba Networking ClearPass Device Insight (CPDI)
HPE Aruba Networking Network Analytics Engine (NAE)
HPE Aruba Networking Mobility Conductor
HPE Aruba Networking ClearPass OnBoard
For a company that lacks visibility into various types of user and IoT devices on its internal network, HPE Aruba Networking ClearPass Device Insight (CPDI) is the recommended solution. CPDI provides comprehensive visibility and profiling of all devices connected to the network. It uses machine learning and AI to identify and classify devices, offering detailed insights into their behavior and characteristics. This enhanced visibility enables the security team to effectively monitor and manage network devices, improving overall network security and compliance.
Question 16
A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). In the CPDI security settings, Security Analysis is On, the Data Source is ClearPass Devices Insight, and Enable Posture Assessment is On. You see that device has a Risk Score of 90.
What can you know from this information?
The posture is unhealthy, and CPDI has also detected at least one vulnerability on the device.
The posture is unhealthy, but CPDI has not detected any vulnerabilities on the device.
The posture is healthy, but CPDI has detected multiple vulnerabilities on the device.
The posture is unknown, and CPDI has detected exactly four vulnerabilities on the device.
In HPE Aruba Networking ClearPass Device Insight (CPDI), a device with a Risk Score of 90 indicates that the posture is unhealthy, and CPDI has detected at least one vulnerability on the device. The risk score is a reflection of the device's security posture and detected vulnerabilities. A high risk score, such as 90, typically signifies significant security concerns, including the presence of vulnerabilities that could be exploited, thereby categorizing the device as a high-risk asset within the network.
Question 17
You have set up a mirroring session between an AOS-CX switch and a management station, running Wireshark. You want to capture just the traffic sent in the mirroring session, not the management station's other traffic.
What should you do?
Apply this capture filter: ip proto 47
Edit protocol preferences and enable ARUBA_ERM.
Edit protocol preferences and enable HPE_ERM.
Apply this capture filter: udp port 5555
To capture only the traffic sent in the mirroring session between an AOS-CX switch and a management station running Wireshark, you should apply a capture filter that isolates the specific traffic of interest. In this case, using the filter udp port 5555 will capture the traffic associated with the mirroring session. This is because AOS-CX switches typically use UDP port 5555 for mirrored traffic, ensuring that only the relevant mirrored packets are captured and excluding other traffic generated by the management station.
Question 18
A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter. You see there is no field to enter these commands in ClearPass.
How do you start configuring the command list on CPPM?
Add the Shell service to the managers' TACACS+ enforcement profiles.
Edit the TACACS+ settings in the AOS-CX switches' network device entries.
Create an enforcement policy with the TACACS+ type.
Edit the settings for CPPM's default TACACS+ admin roles.
To control which commands managers are allowed to enter on AOS-CX switches using HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server, you need to add the Shell service to the TACACS+ enforcement profiles for the managers. This service allows you to define and enforce specific command sets and access privileges for users authenticated via TACACS+. By configuring the Shell service in the enforcement profile, you can specify the commands that are permitted or denied for the managers, ensuring controlled and secure access to the switch's command-line interface.
Question 19
HPE Aruba Networking ClearPass Policy Manager (CPPM) uses a service to authenticate clients. You are now adding the Endpoints Repository as an authorization source for the service, and you want to add rules to the service's policies that apply different access levels based, in part, on a client's device category. You need to ensure that CPPM can apply the new correct access level after discovering new clients' categories.
What should you enable on the service?
The Posture Compliance option in the Service tab
The Profile Endpoints option in the Service tab
The Use cached Roles and Posture attributes from previous sessions option in the Enforcement tab
The Audit End-host option in the Service tab
To ensure that HPE Aruba Networking ClearPass Policy Manager (CPPM) can apply the correct access levels based on a client's device category after discovering new clients, you need to enable the 'Profile Endpoints' option in the Service tab. This option allows CPPM to profile and categorize endpoints dynamically, ensuring that the appropriate access levels are applied based on the device's characteristics. Enabling this feature ensures that new devices are accurately profiled and that access policies can be enforced based on the updated device information.
Question 20
A company has AOS-CX switches and HPE Aruba Networking APs, which run AOS-10 and bridge their SSIDs. Company security policies require 802.1X on all edge ports, some of which connect to APs.
How should you configure the auth-mode on AOS-CX switches?
Configure all edge ports in device auth-mode.
Leave all edge ports in client auth-mode and configure device auth-mode in the AP role.
Configure all edge ports in client auth-mode.
Leave all edge ports in device auth-mode and configure client auth-mode in the AP role.
For a company with AOS-CX switches and HPE Aruba Networking APs running AOS-10, where 802.1X authentication is required on all edge ports, you should configure all edge ports in client auth-mode. This mode ensures that each client connecting through the APs is authenticated individually, maintaining the security policy requirements for 802.1X authentication on all connections.
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to Support@examgecko.com.
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question