HP HPE7-A02 Quiz 1 Topic 12 Questions 1-5

Question: 1

A port-access role for AOS-CX switches has this policy applied to it:

plaintext

Copy code

port-access policy mypolicy

10 class ip zoneC action drop

20 class ip zoneA action drop

100 class ip zoneB

The classes have this configuration:

plaintext

Copy code

class ip zoneC

10 match tcp 10.2.0.0/16 eq https

class ip zoneA

10 match ip any 10.1.0.0/16

class ip zoneB

10 match ip any 10.0.0.0/8

The company wants to permit clients in this role to access 10.2.12.0/24 with HTTPS. What should you do?

AAdd this rule to zoneC: 5 match any 10.2.12.0/24 eq https

BAdd this rule to zoneA: 5 ignore tcp any 10.2.12.0/24 eq https

CAdd this rule to zoneB: 5 match tcp any 10.2.12.0/24 eq https

DAdd this rule to zoneC: 5 ignore tcp any 10.2.12.0/24 eq https

Show Answer

Question: 2

A company uses HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application option). In the details for a generic device cluster, you see a

recommendation for "Windows 8/10" with 70% accuracy.

What does this mean?

ACPDI has detected that these devices match about 70% of the system rule for defining 'Windows 8/10' devices.

BCPDI has matched these devices against several, conflicting system rules. 70% of those rules are for 'Windows 8/10' devices.

CCPDI has grouped this cluster with similar classified devices. 70% of those classified devices are 'Windows 8/10.'

DCPDI has used MAC OUI to group these devices together. The average device's MAC address matches 70% of the 'Windows 8/10' OUI.

Show Answer

Question: 3

Refer to Exhibit:

q3_HPE7-A02

All of the switches in the exhibit are AOS-CX switches.

What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?

AConfigure OSPF authentication on VLANs 10-19 in password mode.

BConfigure OSPF authentication on Lag 1 in MD5 mode.

CDisable OSPF entirely on VLANs 10-19.

DConfigure passive-interface as the OSPF default and disable OSPF passive on Lag 1.

Show Answer

Question: 4

A company assigns a different block of VLAN IDs to each of its access layer AOS-CX switches. The switches run version 10.07. The IDs are used for standard

purposes, such as for employees, VolP phones, and cameras. The company wants to apply 802.1X authentication to HPE Aruba Networking ClearPass Policy

Manager (CPPM) and then steer clients to the correct VLANs for local forwarding.

What can you do to simplify setting up this solution?

AAssign consistent names to VLANs of the same type across the AOS-CX switches and have user-roles reference names.

BUse the trunk allowed VLAN setting to assign multiple VLAN IDs to the same role.

CChange the VLAN IDs across the AOS-CX switches so that they are consistent.

DAvoid configuring the VLAN in the role; use trunk VLANs to assign multiple VLANs to the port instead.

Show Answer

Question: 5

A company has a variety of HPE Aruba Networking solutions, including an HPE Aruba Networking infrastructure and HPE Aruba Networking ClearPass Policy

Manager (CPPM). The company passes traffic from the corporate LAN destined to the data center through a third-party SRX firewall. The company would like to

further protect itself from internal threats.

What is one solution that you can recommend?

AHave the third-party firewall send Syslogs to CPPM, which can work with network devices to lock internal attackers out of the network.

BUse tunnel mode SSIDs and user-based tunneling (UBT) on AOS-CX switches to pass all internal traffic directly through the third-party firewall.

CAdd ClearPass Device Insight (CPDI) to the solution; integrate it with the third-party firewall to develop more complete device profiles.

DConfigure CPPM to poll the third-party firewall for a broad array of information about internal clients, such as profile and posture.

Show Answer

HP HPE7-A02 Quiz:1 Topic:12 Questions:1-5