HP HPE6-A84 Quiz 1 Topic 8 Questions 1-5

Question: 1

A customer has an AOS 10 architecture, consisting of Aruba AP and AOS-CX switches, managed by Aruba Central. The customer wants to obtain information about the clients, such as their general category and OS.

What should you explain?

AThe customer must deploy Aruba gateways in order to receive any client profiling information.

BYou will need to set up Aruba Central as a secondary IP helper for client VLANs, but this will not interfere with existing operations.

CAruba Central will automatically derive this information using telemetry from the Aruba devices.

DThe customer should set up a dedicated switch VSX group to sniff packets and direct them to Aruba Central.

Show Answer

Question: 2

Refer to the scenario.

# Introduction to the customer

You are helping a company add Aruba ClearPass to their network, which uses Aruba network infrastructure devices.

The company currently has a Windows domain and Windows C

AThe Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.

The company is in the process of adding Microsoft Endpoint Manager (Intune) to manage its mobile clients. The customer is maintaining the on-prem AD for now and uses Azure AD Connect to sync with Azure AD.
# Requirements for issuing certificates to mobile clients
The company wants to use ClearPass Onboard to deploy certificates automatically to mobile clients enrolled in Intune. During this process, Onboard should communicate with Azure AD to validate the clients. High availability should also be provided for this scenario; in other words, clients should be able to get certificates from Subscriber 2 if Subscriber 1 is down.
The Intune admins intend to create certificate profiles that include a UPN SAN with the UPN of the user who enrolled the device.
# Requirements for authenticating clients
The customer requires all types of clients to connect and authenticate on the same corporate SSID.
The company wants CPPM to use these authentication methods:
To succeed, EAP-TLS (standalone or as a TEAP method) clients must meet these requirements:
# Requirements for assigning clients to roles
After authentication, the customer wants the CPPM to assign clients to ClearPass roles based on the following rules:
The customer requires CPPM to assign authenticated clients to AOS firewall roles as follows:
# Other requirements
Communications between ClearPass servers and on-prem AD domain controllers must be encrypted.
# Network topology
For the network infrastructure, this customer has Aruba APs and Aruba gateways, which are managed by Central. APs use tunneled WLANs, which tunnel traffic to the gateway cluster. The customer also has AOS-CX switches that are not managed by Central at this point.

# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
The customer's DNS server has these entries
You have imported the root certificate for the Windows CA to the ClearPass CA Trust list.
Which usages should you add to it based on the scenario requirements?

AEAP and AD/LDAP Server

BLDAP and Aruba infrastructure

CRadsec and Aruba infrastructure

DEAP and Radsec

Show Answer

Question: 3

You are configuring gateway IDS/IPS settings in Aruba Central.

For which reason would you set the Fail Strategy to Bypass?

ATo permit traffic if the IPS engine falls to inspect It

BTo enable the gateway to honor the allowlist settings configured in IDS/IPS policies

CTo tell gateways to stop enforcing IDS/IPS policies if they lose connectivity to the Internet

DTo avoid wasting IPS engine resources on filtering traffic for unauthenticated clients

Show Answer

Question: 4

Refer to the scenario.

A hospital has an AOS10 architecture that is managed by Aruba Central. The customer has deployed a pair of Aruba 9000 Series gateways with Security licenses at each clinic. The gateways implement IDS/IPS in IDS mode.

The Security Dashboard shows these several recent events with the same signature, as shown below:

q4_HPE6-A84

Which step could give you valuable context about the incident?

AView firewall sessions on the APs and record the threat sources' type and OS.

BView the user-table on APs and record the threat sources' 802.11 settings.

CView the RAPIDS Security Dashboard and see if the threat sources are listed as rogues.

DFind the Central client profile for the threat sources and note their category and family.

Show Answer

Question: 5

Refer to the exhibit.

q5_HPE6-A84

Which IP address should you record as a possibly compromised client?

A10.1.26.151

B10.1J.100

C10.1.26.1

D10.254.1.21

Show Answer

HP HPE6-A84 Quiz:1 Topic:8 Questions:1-5