Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

HP HPE7-A02 - Aruba Certified Network Security Professional Exam

Page: 4 / 4
Total 130 questions

A company has AOS-CX switches and HPE Aruba Networking APs, which run AOS-10 and bridge their SSIDs. Company security policies require 802.1X on all

edge ports, some of which connect to APs.

How should you configure the auth-mode on AOS-CX switches?

A.

Configure all edge ports in device auth-mode.

B.

Leave all edge ports in client auth-mode and configure device auth-mode in the AP role.

C.

Configure all edge ports in client auth-mode.

D.

Leave all edge ports in device auth-mode and configure client auth-mode in the AP role.

What is one benefit of integrating HPE Aruba Networking ClearPass Policy Manager (CPPM) with third-party solutions such as Mobility Device Management (MDM) and firewalls?

A.

CPPM can exchange contextual information about clients with third-party solutions, which helps make better decisions.

B.

CPPM can make the third-party solutions more secure by adding signature-based threat detection capabilities.

C.

CPPM can offload policy decisions to the third-party solutions, enabling CPPM to respond to authentication requests more quickly.

D.

CPPM can take over filtering internal traffic so that the third-party solutions have more processing power to devote to filtering external traffic.

You are configuring the HPE Aruba Networking ClearPass Device Insight Integration settings on ClearPass Policy Manager (CPPM). For which use case should you set the 'Tag Updates Action" to "apply for all tag updates"?

A.

When the Device Insight integration poll interval is set to a relatively long interval but you still want CPPM to be informed quickly about devices' new tags.

B.

When Device Insight tags are only used to identify dangerous devices, and you want to disconnect those devices without having to set up new rules in enforcement policies.

C.

When CPPM is gathering posture information for CPDI, and you want CPDI to always have access to the most up-to-date information.

D.

When you plan to have CPPM issue CoAs for clients with new tags, but do not want to have to list those specific tags in the Device Integration settings in advance.

A company has a third-party security appliance deployed in its data center. The company wants to pass all traffic for certain clients through that device before forwarding that traffic toward its ultimate destination.

Which AOS-CX switch technology fulfills this use case?

A.

Virtual Network Based Tunneling (VNBT)

B.

MC-LAG

C.

Network Analytics Engine (NAE)

D.

Device profiles

HPE Aruba Networking ClearPass Device Insight (CPDI) could not classify some endpoints using system and user rules. Using machine learning, it did assign those endpoints to a cluster and discover a recommendation. In which of these circumstances does CPDI automatically classify the endpoints based on that recommendation?

A.

The recommendation has 96% confidence, and it is based on 13 classified devices.

B.

The recommendation has 98% confidence, and it is based on 5 classified devices.

C.

The recommendation has 93% confidence, and it is based on 36 classified devices.

D.

The recommendation has 100% confidence, and it is based on 4 classified devices.

A company assigns a different block of VLAN IDs to each of its access layer AOS-CX switches. The switches run version 10.07. The IDs are used for standard

purposes, such as for employees, VolP phones, and cameras. The company wants to apply 802.1X authentication to HPE Aruba Networking ClearPass Policy

Manager (CPPM) and then steer clients to the correct VLANs for local forwarding.

What can you do to simplify setting up this solution?

A.

Assign consistent names to VLANs of the same type across the AOS-CX switches and have user-roles reference names.

B.

Use the trunk allowed VLAN setting to assign multiple VLAN IDs to the same role.

C.

Change the VLAN IDs across the AOS-CX switches so that they are consistent.

D.

Avoid configuring the VLAN in the role; use trunk VLANs to assign multiple VLANs to the port instead.

A company needs to enforce 802.1X authentication for its Windows domain computers to HPE Aruba Networking ClearPass Policy Manager (CPPM). The

company needs the computers to authenticate as both machines and users in the same session.

Which authentication method should you set up on CPPM?

A.

TEAP

B.

PEAP MSCHAPv2

C.

EAP-TTLS

D.

EAP-TLS

What role can Internet Key Exchange (IKE)/IKEv2 play in an HPE Aruba Networking client-to-site VPN?

A.

It provides an alternative to IPsec that is suitable for legacy clients.

B.

It provides a more modern and secure alternative to IPsec.

C.

It helps to negotiate the IPsec SA automatically and securely.

D.

It helps remote clients download IPsec profiles for later use.

Your company wants to implement Tunneled EAP (TEAP).

How can you set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificated-based authentication for clients using TEAP?

A.

For the service using TEAP, set the authentication source to an internal database.

B.

Select a service certificate when you specify TEAP as a service's authentication method.

C.

Create an authentication method named "TEAP" with the type set to EAP-TLS.

D.

Select an EAP-TLS-type authentication method for the TEAP method's inner method.