ExamGecko
Home / HP / HPE7-A02 / List of questions
Ask Question

HP HPE7-A02 Practice Test - Questions Answers, Page 3

Add to Whishlist

List of questions

Question 21

Report Export Collapse

A company has HPE Aruba Networking Central-managed APs. The company wants to block all clients connected through the APs from using YouTube.

Which steps should you take?

Deploy gateways and have the APs tunnel traffic to the gateways. Then, enable the gateway IDS/IPS engine.

Deploy gateways and have the APs tunnel traffic to the gateways. Then, enable the gateway IDS/IPS engine.

Enable Client IPS at the 'custom' level, and then specify the check for YouTube.

Enable Client IPS at the 'custom' level, and then specify the check for YouTube.

Enable WebCC on all client firewall roles. Then, create WebCC category rules that deny suspicious URLs.

Enable WebCC on all client firewall roles. Then, create WebCC category rules that deny suspicious URLs.

Enable DPI. Then, create application rules to deny YouTube on the firewall roles.

Enable DPI. Then, create application rules to deny YouTube on the firewall roles.

Suggested answer: D
Explanation:

To block all clients connected through HPE Aruba Networking Central-managed APs from accessing YouTube, you should enable DPI (Deep Packet Inspection) and then create application rules to deny YouTube on the firewall roles. DPI allows the network to inspect and classify traffic based on application signatures, making it possible to enforce application-specific policies. By creating rules that specifically block YouTube traffic, you can effectively prevent clients from accessing the service.

asked 14/02/2025
Lucile Jeanneret
45 questions

Question 22

Report Export Collapse

What is one use case for implementing user-based tunneling (UBT) on AOS-CX switches?

Centralizing the distribution of wired traffic without requiring HPE Aruba Networking gateways

Centralizing the distribution of wired traffic without requiring HPE Aruba Networking gateways

Tunneling traffic directly to a third-party firewall in a client data center

Tunneling traffic directly to a third-party firewall in a client data center

Adding 802.1X while continuing to use the existing VLAN and ACL structure in the Ethernet network

Adding 802.1X while continuing to use the existing VLAN and ACL structure in the Ethernet network

Applying enhanced security features such as deep packet inspection (DPI) to wired traffic

Applying enhanced security features such as deep packet inspection (DPI) to wired traffic

Suggested answer: D
Explanation:

Implementing user-based tunneling (UBT) on AOS-CX switches is beneficial for applying enhanced security features such as deep packet inspection (DPI) to wired traffic. UBT allows the traffic from specific users or devices to be tunneled to a central controller or security appliance where advanced security policies, including DPI, can be applied. This approach ensures that even wired traffic benefits from the same level of security and inspection typically available for wireless traffic, thus enhancing overall network security.

asked 14/02/2025
Georgescu Andrei
52 questions

Question 23

Report Export Collapse

A company has HPE Aruba Networking APs running AOS-10 that connect to AOS-CX switches. The APs will:

. Authenticate as 802.1X supplicants to HPE Aruba Networking ClearPass Policy Manager (CPPM)

. Be assigned to the 'APs' role on the switches

. Have their traffic forwarded locally

What information do you need to help you determine the VLAN settings for the 'APs' role?

Whether the APs have static or DHCP-assigned IP addresses

Whether the APs have static or DHCP-assigned IP addresses

Whether the switches are using local user-roles (LURs) or downloadable user-roles (DURs)

Whether the switches are using local user-roles (LURs) or downloadable user-roles (DURs)

Whether the switches have established tunnels with an HPE Aruba Networking gateway

Whether the switches have established tunnels with an HPE Aruba Networking gateway

Whether the APs bridge or tunnel traffic on their SSIDs

Whether the APs bridge or tunnel traffic on their SSIDs

Suggested answer: D
Explanation:

To determine the VLAN settings for the 'APs' role on AOS-CX switches, it is crucial to know whether the APs bridge or tunnel traffic on their SSIDs. If the APs are bridging traffic, the VLAN settings on the switch need to align with the VLANs used by the SSIDs. If the APs are tunneling traffic to a controller or gateway, the VLAN settings might differ as the traffic is encapsulated and forwarded through the tunnel. Understanding this aspect ensures that the VLAN configuration on the switches correctly supports the traffic forwarding method employed by the APs.

asked 14/02/2025
Med Amine Aloui
36 questions

Question 24

Report Export Collapse

Your company wants to implement Tunneled EAP (TEAP).

How can you set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificated-based authentication for clients using TEAP?

For the service using TEAP, set the authentication source to an internal database.

For the service using TEAP, set the authentication source to an internal database.

Select a service certificate when you specify TEAP as a service's authentication method.

Select a service certificate when you specify TEAP as a service's authentication method.

Create an authentication method named 'TEAP' with the type set to EAP-TLS.

Create an authentication method named 'TEAP' with the type set to EAP-TLS.

Select an EAP-TLS-type authentication method for the TEAP method's inner method.

Select an EAP-TLS-type authentication method for the TEAP method's inner method.

Suggested answer: D
Explanation:

To set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificate-based authentication for clients using Tunneled EAP (TEAP), you need to select an EAP-TLS-type authentication method for TEAP's inner method. TEAP allows for a combination of certificate-based (EAP-TLS) and password-based (EAP-MSCHAPv2) authentication. By choosing EAP-TLS as the inner method, you ensure that the clients are authenticated using their certificates, thus enforcing certificate-based authentication within the TEAP framework.

asked 14/02/2025
Donna Brown
45 questions

Question 25

Report Export Collapse

Admins have recently turned on Wireless IDS/IPS infrastructure detection at the high level on HPE Aruba Networking APs. When you check WIDS events, you see several RTS rate and CTS rate anomalies, which were triggered by neighboring APs.

What can you interpret from this event?

These neighboring APs are likely to be wireless clients that are inappropriately bridging their wired and wireless NICs; you should track down and remove them.

These neighboring APs are likely to be wireless clients that are inappropriately bridging their wired and wireless NICs; you should track down and remove them.

These neighboring APs might be hackers trying to launch a DoS, but are more likely operating normally; you should start by tuning the event thresholds.

These neighboring APs might be hackers trying to launch a DoS, but are more likely operating normally; you should start by tuning the event thresholds.

These neighboring APs are actually rogue APs, and you should enable wireless tarpit containment on them.

These neighboring APs are actually rogue APs, and you should enable wireless tarpit containment on them.

These neighboring APs are actually rogue APs, and you should enable wireless de-authentication containment on them.

These neighboring APs are actually rogue APs, and you should enable wireless de-authentication containment on them.

Suggested answer: B
Explanation:

When Wireless IDS/IPS infrastructure detection reports RTS (Request to Send) and CTS (Clear to Send) rate anomalies triggered by neighboring APs, it is often an indication of unusual, but not necessarily malicious, behavior. These anomalies can be caused by neighboring APs operating normally but under specific conditions that trigger the alerts. Before assuming a security threat, it is recommended to tune the event thresholds to better match the environment and reduce false positives. This approach helps to distinguish between normal operations and potential DoS attacks.

asked 14/02/2025
Saikhantsetseg Donnelly
41 questions

Question 26

Report Export Collapse

HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was 'Detect adhoc using Valid SSID.'

What is one possible next step?

Become a Premium Member for full access
  Unlock Premium Member

Question 27

Report Export Collapse

A company has a variety of HPE Aruba Networking solutions, including an HPE Aruba Networking infrastructure and HPE Aruba Networking ClearPass Policy

Manager (CPPM). The company passes traffic from the corporate LAN destined to the data center through a third-party SRX firewall. The company would like to further protect itself from internal threats.

What is one solution that you can recommend?

Become a Premium Member for full access
  Unlock Premium Member

Question 28

Report Export Collapse

A company wants to apply a standard configuration to all AOS-CX switch ports and have the ports dynamically adjust their configuration based on the identity of the user or device that connects. They want to centralize configuration of the identity-based settings as much as possible.

What should you recommend?

Become a Premium Member for full access
  Unlock Premium Member

Question 29

Report Export Collapse

A company issues user certificates to domain computers using its Windows CA and the default user certificate template. You have set up HPE Aruba Networking

ClearPass Policy Manager (CPPM) to authenticate 802.1X clients with those certificates. However, during tests, you receive an error that authorization has failed because the usernames do not exist in the authentication source.

What is one way to fix this issue and enable clients to successfully authenticate with certificates?

Become a Premium Member for full access
  Unlock Premium Member

Question 30

Report Export Collapse

You need to use 'Tips:Posture' conditions within an 802.1X service's enforcement policy.

Which guideline should you follow?

Become a Premium Member for full access
  Unlock Premium Member
Total 130 questions
Go to page: of 13
Search

Related questions