11.11 Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

HPE7-A02 Aruba Certified Network Security Professional Exam Questions and Answers

Questions 4

A company has HPE Aruba Networking APs and AOS-CX switches, as well as HPE Aruba Networking ClearPass. The company wants CPPM to have HTTP User-

Agent strings to use in profiling devices.

What can you do to support these requirements?

Options:

A.

Add the CPPM server's IP address to the IP helper list in all client VLANs on routing switches.

B.

Schedule periodic subnet scans of all client subnets on CPPM.

C.

Configure mirror sessions on the APs and switches to copy client HTTP traffic to CPPM.

D.

On the APs and switches, configure a redirect to ClearPass Guest in the role for devices being profiled.

Buy Now
Questions 5

A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Check Point firewall. You have added the

firewall as an event source and set up an event service. However, test Syslog messages are not triggering the expected actions.

What is one CPPM setting that you should check?

Options:

A.

ClearPass Device Insight integration is disabled.

B.

The Check Point Extension is installed through ClearPass Guest.

C.

The CoA delay value is set to 0 on the server.

D.

Ingress Event Dictionaries for Check Point messages are enabled.

Buy Now
Questions 6

You are setting up an HPE Aruba Networking VIA solution for a company. You have already created a VPN pool with IP addresses for the remote clients. During

tests, however, the clients do not receive IP addresses from that pool.

What is one setting to check?

Options:

A.

That the pool uses valid, public IP addresses that are assigned to the company

B.

That the pool is associated with the role to which the VIA clients are being assigned

C.

That the pool uses an IP subnet that is different from any subnet configured on the VPNC

D.

That the pool is referenced in the clients' VIA Connection Profile

Buy Now
Questions 7

You are using OpenSSL to obtain a certificate signed by a Certification Authority (CA). You have entered this command:

openssl req -new -out file1.pem -newkey rsa:3072 -keyout file2.pem

Enter PEM pass phrase: **********

Verifying - Enter PEM pass phrase: **********

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:California

Locality Name (eg, city) []:Sunnyvale

Organization Name (eg, company) [Internet Widgits Pty Ltd]:example.com

Organizational Unit Name (eg, section) []:Infrastructure

Common Name (e.g. server FQDN or YOUR name) []:radius.example.com

What is one guideline for continuing to obtain a certificate?

Options:

A.

You should use a third-party tool to encrypt file2.pem before sending it and file1.pem to the CA.

B.

You should concatenate file1.pem and file2.pem into a single file, and submit that to the desired CA to sign.

C.

You should submit file1.pem, but not file2.pem, to the desired CA to sign.

D.

You should submit file2.pem, but not file1.pem, to the desired CA to sign.

Buy Now
Questions 8

HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack

was "Detect adhoc using Valid SSID."

What is one possible next step?

Options:

A.

Use HPE Aruba Networking Central floorplans or the detecting AP identities to locate the general area for the threat.

B.

Look for the IP address associated with the offender and then check for that IP address among HPE Aruba Networking Central clients.

C.

Make sure that you have tuned the threshold for that check, as false positives are common for it.

D.

Make sure that clients have updated drivers, as faulty drivers are a common explanation for this attack type.

Buy Now
Questions 9

A company uses both HPE Aruba Networking ClearPass Policy Manager (CPPM) and HPE Aruba Networking ClearPass Device Insight (CPDI).

What is one way integrating the two solutions can help the company implement Zero Trust Security?

Options:

A.

CPPM can provide CPDI with custom device fingerprint definitions in order to enhance the company's total visibility.

B.

CPDI can provide CPPM with extra information about users' identity; CPPM can then use that information to apply the correct identity-based enforcement.

C.

CPPM can inform CPDI that it has assigned a particular Aruba-User-Role to a client; CPDI can then use that information to reclassify the client.

D.

CPDI can use tags to inform CPPM that clients are using prohibited applications; CPPM can then tell the network infrastructure to quarantine those clients.

Buy Now
Questions 10

A company needs you to integrate HPE Aruba Networking ClearPass Policy Manager (CPPM) with HPE Aruba Networking ClearPass Device Insight (CPDI).

What is one task you should do to prepare?

Options:

A.

Install the root CA for CPPM's HTTPS certificate as trusted in the CPDI application.

B.

Configure WMI, SSH, and SNMP external accounts for device scanning on CPPM.

C.

Enable Insight in the CPPM server configuration settings.

D.

Collect a Data Collector token from HPE Aruba Networking Central.

Buy Now
Questions 11

You need to set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to provide certificate-based authentication of 802.1X supplicants.

How should you upload the root CA certificate for the supplicants' certificates?

Options:

A.

As a ClearPass Server certificate with the RADIUS/EAP usage

B.

As a Trusted CA with the AD/LDAP usage

C.

As a Trusted CA with the EAP usage

D.

As a ClearPass Server certificate with the Database usage

Buy Now
Questions 12

You need to create a rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) role mapping policy that references a ClearPass Device Insight Tag.

Which Type (namespace) should you specify for the rule?

Options:

A.

Application

B.

Tips

C.

Device

D.

Endpoint

Buy Now
Questions 13

HPE7-A02 Question 13

You have downloaded a packet capture that you generated on HPE Aruba Networking Central. When you open the capture in Wireshark, you see the output shown in the

exhibit.

What should you do in Wireshark so that you can better interpret the packets?

Options:

A.

Choose to decode UDP port 5555 packets as ARUBA_ERM and set the Aruba ERM Type to 0.

B.

Edit preferences for IEEE 802.11 and chose to ignore the Protection bit with IV.

C.

Apply the following display filter: wlan.fc.type == 1.

D.

Edit the Enabled Protocols and make sure that 802.11, GRE, and Aruba_ERM are enabled.

Buy Now
Questions 14

A company is using HPE Aruba Networking Central SD-WAN Orchestrator to establish a hub-spoke VPN between branch gateways (BGWs) at 1444 site and

VPNCs at multiple data centers.

What is part of the configuration that admins need to complete?

Options:

A.

At the global level, create default IPsec policies for the SD-WAN Orchestrator to use.

B.

In BGWs' groups, select the VPNCs to which to connect in a DC preference list.

C.

In VPNCs' groups, establish VPN pools to control which branches connect to which VPNCs.

D.

In BGWs' and VPNCs' groups, create default IKE policies for the SD-WAN Orchestrator to use.

Buy Now
Questions 15

A company has wired VolP phones, which transmit tagged traffic and connect to AOS-CX switches. The company wants to tunnel the phones' traffic to an HPE

Aruba Networking gateway for applying security policies.

What is part of the correct configuration on the AOS-CX switches?

Options:

A.

UBT mode set to VLAN extend

B.

A VXLAN VNI mapped to the VLAN assigned to the VolP phones

C.

VLANs assigned to the VolP phones configured on the switch uplinks

D.

A UBT reserved VLAN set to a VLAN dedicated for that purpose

Buy Now
Questions 16

Assume that an AOS-CX switch is already implementing DHCP snooping and ARP inspection successfully on several VLANs.

What should you do to help minimize disruption time if the switch reboots?

Options:

A.

Configure the switch to act as an ARP proxy.

B.

Create static IP-to-MAC bindings for the DHCP and DNS servers.

C.

Save the IP-to-MAC bindings to external storage.

D.

Configure the IP helper address on this switch, rather than a core routing switch.

Buy Now
Questions 17

The security team needs you to show them information about MAC spoofing attempts detected by HPE Aruba Networking ClearPass Policy Manager (CPPM).

What should you do?

Options:

A.

Export the Access Tracker records on CPPM as an XML file.

B.

Use ClearPass Insight to run an Active Endpoint Security report.

C.

Integrate CPPM with ClearPass Device Insight (CPDI) and run a security report on CPDI.

D.

Show the security team the CPPM Endpoint Profiler dashboard.

Buy Now
Questions 18

A company uses HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application option). In the details for a generic device cluster, you see a

recommendation for "Windows 8/10" with 70% accuracy.

What does this mean?

Options:

A.

CPDI has detected that these devices match about 70% of the system rule for defining "Windows 8/10" devices.

B.

CPDI has matched these devices against several, conflicting system rules. 70% of those rules are for "Windows 8/10" devices.

C.

CPDI has grouped this cluster with similar classified devices. 70% of those classified devices are "Windows 8/10."

D.

CPDI has used MAC OUI to group these devices together. The average device's MAC address matches 70% of the "Windows 8/10" OUI.

Buy Now
Questions 19

Which use case is fulfilled by applying a time range to a firewall rule on an AOS device?

Options:

A.

Enforcing the rule only during the specified time range

B.

Tuning the session timeout for sessions established with this rule

C.

Locking clients that violate the rule for the specified time range

D.

Setting the time range over which hit counts for the rule are aggregated

Buy Now
Questions 20

You have run an Active Endpoint Security Report on HPE Aruba Networking ClearPass. The report indicates that hundreds of endpoints have MAC addresses but

no known IP addresses.

What is one step for addressing this issue?

Options:

A.

Set up network devices to implement RADIUS accounting to CPPM.

B.

Add CPPM's IP address to the IP helper list on routing switches.

C.

Set up switches to implement ARP inspection on client VLANs.

D.

Configure CPPM as a Syslog destination on network devices.

Buy Now
Questions 21

A company has HPE Aruba Networking APs running AOS-10 and managed by HPE Aruba Networking Central. The company also has AOS-CX switches. The

security team wants you to capture traffic from a particular wireless client. You should capture this client's traffic over a 15 minute time period and then send the

traffic to them in a PCAP file.

What should you do?

Options:

A.

Go to the client's AP in HPE Aruba Networking Central. Use the "Security" page to run a packet capture.

B.

Access the CLI for the client's AP. Set up a mirroring session between its radio and a management station running Wireshark.

C.

Access the CLI for the client's AP's switch. Set up a mirroring session between the AP's port and a management station running Wireshark.

D.

Go to that client in HPE Aruba Networking Central. Use the "Live Events" page to run a packet capture.

Buy Now
Exam Code: HPE7-A02
Exam Name: Aruba Certified Network Security Professional Exam
Last Update: Nov 6, 2024
Questions: 70

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now HPE7-A02 testing engine

PDF (Q&A)

$35  $99.99
buy now HPE7-A02 pdf