HP HPE7-A02 Practice Test - Questions Answers, Page 8

List of questions
Question 71

A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Check Point firewall. You have added the firewall as an event source and set up an event service. However, test Syslog messages are not triggering the expected actions.
What is one CPPM setting that you should check?
Question 72

An AOS-CX switch has been configured to implement UBT to a cluster of three HPE Aruba Networking gateways.
How does the switch determine to which gateways to tunnel UBT users' traffic?
Question 73

What correctly describes an HPE Aruba Networking AP's Device (TPM) certificate?
Question 74

Refer to the Exhibit.
You have downloaded a packet capture that you generated on HPE Aruba Networking Central. When you open the capture in Wireshark, you see the output shown in the exhibit.
What should you do in Wireshark so that you can better interpret the packets?
Question 75

A company wants to implement Virtual Network based Tunneling (VNBT) on a particular group of users and assign those users to an overlay network with VNI
3000.
Assume that an AOS-CX switch is already set up to:
. Implement 802.1X to HPE Aruba Networking ClearPass Policy Manager (CPPM)
. Participate in an EVPN VXLAN solution that includes VNI 3000
Which setting should you configure in the users' AOS-CX role to apply VNBT to them when they connect?
Question 76

A company uses both HPE Aruba Networking ClearPass Policy Manager (CPPM) and HPE Aruba Networking ClearPass Device Insight (CPDI).
What is one way integrating the two solutions can help the company implement Zero Trust Security?
Question 77

What role can Internet Key Exchange (IKE)/IKEv2 play in an HPE Aruba Networking client-to-site VPN?
Question 78

A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter.
Which service must you add to the managers' TACACS+ enforcement profile?
Question 79

An AOS-CX switch has this admin user account configured on it:
netadmin in the operators group.
You have configured these commands on an AOS-CX switch:
tacacs-server host cp.example.com key plaintext &12xl,powmay7855
aaa authentication login ssh group tacacs local
aaa authentication allow-fail-through
A user accesses the switch with SSH and logs in as netadmin with the correct password. When the switch sends a TACACS+ request to the ClearPass server at cp.example.com, the server does not send a response. Authentication times out.
What happens?
Question 80

A port-access role for AOS-CX switches has this policy applied to it:
plaintext
Copy code
port-access policy mypolicy
10 class ip zoneC action drop
20 class ip zoneA action drop
100 class ip zoneB
The classes have this configuration:
plaintext
Copy code
class ip zoneC
10 match tcp 10.2.0.0/16 eq https
class ip zoneA
10 match ip any 10.1.0.0/16
class ip zoneB
10 match ip any 10.0.0.0/8
The company wants to permit clients in this role to access 10.2.12.0/24 with HTTPS. What should you do?
Question